Subject: Re: The reason for securelevel
To: Elad Efrat <>
From: Steven M. Bellovin <>
List: tech-security
Date: 01/26/2006 13:26:57
In message <>, Elad Efrat writes:
>Steven M. Bellovin wrote:
>> In principle, this is a fine idea.  In practice, figuring out the right 
>> set of bits is non-trivial.  It's not a direct analogy, but SGI has 48 
>> different privileges that a process can have.
>let's not over-complicate things just yet: the idea is about separating
>the *securelevel* stuff and not creating per-process knobs.
>how is the above non-trivial?
I wasn't suggesting per-process knobs, which is why I said it wasn't a 
direct analogy.  The hard part is figuring out what all these different 
bits should be, especially if you want them orthogonal.  I cited the 
SGI example to show just how many different things you might want to 
lock down.

		--Steven M. Bellovin,