Subject: Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
To: Steven M. Bellovin <email@example.com>
From: Michael Richardson <firstname.lastname@example.org>
Date: 01/26/2006 14:05:46
>>>>> "Steven" == Steven M Bellovin <email@example.com> writes:
Steven> In principle, this is a fine idea. In practice, figuring
Steven> out the right set of bits is non-trivial. It's not a direct
Steven> analogy, but SGI has 48 different privileges that a process
Steven> can have.
You missed the point of the discussion.
(VMS had the same problem)
It is precisely this point which argues for securelevel being a macro.
Yes, we can argue about which bit is which.
However, the very gross level of securelevel often causes people to
run without an appropriate securelevel due to a single item. Of course
you can shoot yourself in the foot this way (leaving a hole in the
fence) --- but the alternative is often to have no fence.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [