Subject: Re: The reason for securelevel
To: Gilbert Fernandes <>
From: None <>
List: tech-security
Date: 01/28/2006 16:45:04

On Sat, Jan 28, 2006 at 03:46:48PM +0100, Gilbert Fernandes wrote:
> But we would still get new sysctl values probably. The securelevel
> thing would be transformed from one knob to a set of knobs, whose
> default values make it work like the current securelevel one.
> What do you think of it? :)

This sounds reasonable. The drawback has of course been mentioned
before, and that is the nonexistence of the inverse mapping if the
admin decides to manipulate individual knobs, thus mixing defaults
from different "default" securelevels.

Hm.. an "outrageous" proposition: in my view, this has become an
overengineering of an initially simple securelevel concept.. _IF_
there is a real need for more fine-grained control, why not go down
the SELinux or grsecurity route? (I'm not saying to exactly copy their
model, but just to make a system-wide security model.) Then make securelevel
a "macro" for a predefined set of policies (provided by the NetBSD
developers, as such policies in the general framework are not trivial to

[I didn't mention FreeBSD's MAC as I'm not even briefly acquainted with what
it supports or not...]

== To Elad:

As for the idea of keeping securelevel configuration in the file being
"bad", I don't see why. The veriexec framework also keeps its signatures
in a file.