Subject: Re: The reason for securelevel
To: Steven M. Bellovin <>
From: Elad Efrat <>
List: tech-security
Date: 01/26/2006 20:31:34
Steven M. Bellovin wrote:

> The hard part is figuring out what all these different 
> bits should be, especially if you want them orthogonal.  I cited the 
> SGI example to show just how many different things you might want to 
> lock down.

if securelevel N does x, y, z; then we make new knobs for x, y, z.
these knobs are raise-only, like securelevel. when you raise
securelevel, you get all its affects -- so the changes don't hurt
any existing configurations/uses.

of course we can always make it a compile-time option whether we
want to go the securelevels-route, lots-of-knobs-route, or the
above described hybrid-route.

also, as michael richardson suggested, the raise-only part (that
resembles today's behavior, and i think should be the default) could
also be set via a compile-time option, making these knobs always


Elad Efrat