Subject: Re: The reason for securelevel
To: Steven M. Bellovin <firstname.lastname@example.org>
From: Elad Efrat <elad@NetBSD.org>
Date: 01/26/2006 20:22:15
Steven M. Bellovin wrote:
> In principle, this is a fine idea. In practice, figuring out the right
> set of bits is non-trivial. It's not a direct analogy, but SGI has 48
> different privileges that a process can have.
let's not over-complicate things just yet: the idea is about separating
the *securelevel* stuff and not creating per-process knobs.
how is the above non-trivial?