Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
To: Elad Efrat <elad@NetBSD.org>
From: Michael Richardson <firstname.lastname@example.org>
Date: 01/26/2006 09:25:13
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Elad" == Elad Efrat <elad@NetBSD.org> writes:
Elad> Here's an idea I was discussing with a friend the other day...
Elad> Because securelevels start to have too many effects, we could
Elad> have the knobs separated, and continue to use kern.securelevel
Elad> as a macro.
I think this is a really cool idea.
90% of the things are bits.
One of the bits is the right to toggle the bits.
A compile time option could wire the bits in a particular way.
Elad> So an admin can either go and set kern.securelevel and have
Elad> consistent behavior (as it is today), or go and turn on the
Elad> knobs he's interested in; having a bit of securelevel 2, 1, and
Very useful when you want to debug things.
Also very useful if you want to determine how the system might defend
against various intrusions.
Elad> The knobs could all be raise-only (just like kern.securelevel
I suggest that a COMPILE TIME bit determines this
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] email@example.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----
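As an added illustration of the proposal discussed above (a toy model written for this page, not NetBSD's code; the knob names, the level-to-bits mapping, the KNOB_LOCKED bit and the KNOBS_ALLOW_LOWER build flag are all assumptions made for the example), kern.securelevel becomes a macro that expands to a fixed set of bits, individual knobs can be raised on their own, a compile-time option decides whether bits may ever be cleared again, and one of the bits is the right to toggle the rest:

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Toy model of "kern.securelevel as a macro over individual knobs".
 * Added example, not NetBSD code. Knob names and level mappings are
 * assumptions chosen for illustration, not NetBSD's real securelevel rules.
 */

/* Individual knob bits: each is one restriction an admin can turn on. */
enum {
    KNOB_RAWDISK   = 1u << 0,  /* deny writes to mounted raw disk devices */
    KNOB_KMEM      = 1u << 1,  /* deny writes to kernel memory devices */
    KNOB_IMMUTABLE = 1u << 2,  /* deny clearing immutable/append-only flags */
    KNOB_MODULES   = 1u << 3,  /* deny loading kernel modules */
    KNOB_TIME      = 1u << 4,  /* deny setting the clock backwards */
    /* "One of the bits is the right to toggle the bits." */
    KNOB_LOCKED    = 1u << 31, /* once set, no knob may change until reboot */
};

/* Compile-time wiring: default is raise-only, like kern.securelevel.
 * Build with -DKNOBS_ALLOW_LOWER (assumed flag) to let bits be cleared. */
#ifndef KNOBS_ALLOW_LOWER
#define KNOBS_RAISE_ONLY 1
#else
#define KNOBS_RAISE_ONLY 0
#endif

/* The "macro": kern.securelevel=N expands to a fixed, nested set of knobs. */
static const uint32_t level_mask[] = {
    /* 0 */ 0,
    /* 1 */ KNOB_KMEM | KNOB_IMMUTABLE | KNOB_MODULES,
    /* 2 */ KNOB_KMEM | KNOB_IMMUTABLE | KNOB_MODULES | KNOB_RAWDISK | KNOB_TIME,
};
#define NLEVELS ((int)(sizeof level_mask / sizeof level_mask[0]))

struct knobs { uint32_t bits; };

/* Core check: returns 0 or -EPERM. Every other entry point funnels here,
 * so the lock bit and the raise-only rule cannot be bypassed. */
int knobs_set(struct knobs *k, uint32_t want)
{
    if (k->bits & KNOB_LOCKED)                  /* toggling right given up */
        return -EPERM;
    if (KNOBS_RAISE_ONLY && (k->bits & ~want))  /* some bit would be cleared */
        return -EPERM;
    k->bits = want;
    return 0;
}

/* Turn a single knob on (raise). */
int knob_raise(struct knobs *k, uint32_t bit) { return knobs_set(k, k->bits | bit); }

/* Turn a single knob off (lower); denied under raise-only wiring. */
int knob_lower(struct knobs *k, uint32_t bit) { return knobs_set(k, k->bits & ~bit); }

/* Read back kern.securelevel: the highest level whose whole bit set is present. */
int securelevel_get(const struct knobs *k)
{
    int lvl = 0;
    for (int i = 1; i < NLEVELS; i++)
        if ((k->bits & level_mask[i]) == level_mask[i])
            lvl = i;
    return lvl;
}

/* sysctl kern.securelevel=N as a macro: raises the level's knobs at once,
 * keeping any extra knobs the admin turned on individually. */
int securelevel_set(struct knobs *k, int level)
{
    if (level < 0)
        level = 0;
    if (level >= NLEVELS)
        return -EINVAL;
    if (KNOBS_RAISE_ONLY && securelevel_get(k) > level)
        return -EPERM;                          /* lowering the macro is denied */
    return knobs_set(k, k->bits | level_mask[level]);
}

int main(void)
{
    struct knobs k = {0};
    securelevel_set(&k, 1);
    printf("securelevel=%d bits=0x%08x\n", securelevel_get(&k), k.bits);
    knob_raise(&k, KNOB_RAWDISK);               /* a knob beyond the macro */
    knob_raise(&k, KNOB_TIME);                  /* now every level-2 bit is set */
    printf("securelevel=%d bits=0x%08x\n", securelevel_get(&k), k.bits);
    printf("lower KNOB_KMEM -> %d (expect -EPERM under raise-only)\n",
           knob_lower(&k, KNOB_KMEM));
    knob_raise(&k, KNOB_LOCKED);
    printf("raise after lock -> %d\n", knob_raise(&k, KNOB_MODULES));
    return 0;
}
```

Two points the model makes concrete: the read-back value is derived from the bits rather than stored separately, so raising knobs one at a time can "arrive" at a level, and because both the macro path and the per-knob path go through knobs_set, the lock bit and the compile-time raise-only rule apply to both. Compiling with the assumed -DKNOBS_ALLOW_LOWER flag keeps the lock bit but lets root clear bits, which is the debugging-friendly wiring.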