Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes
To: Martin Husemann <email@example.com>
From: Elad Efrat <elad@NetBSD.org>
Date: 01/26/2006 12:54:05
Martin Husemann wrote:
> To be consistent, I think we also should have a sysctl knob that (dis-)allows
> root to ptrace(PT_ATTACH, ...) to suid processes, and forbid changing this
> setting at securelevel >= 1.
Here's an idea I was discussing with a friend the other day...
Because securelevels start to have too many affects, we could have the
knobs separated, and continue to use kern.securelevel as a macro.
So an admin can either go and set kern.securelevel and have consistent
behavior (as it is today), or go and turn on the knobs he's interested;
having a bit of securelevel 2, 1, and -1.
The knobs could all be raise-only (just like kern.securelevel itself).
How's that sound?