tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Secmodel_bsd44: default to "defer", not "deny"?
Bill Stouder-Studenmund wrote:
A default answer of "defer" is more-correct that what happens now. Making
this change strikes me as the right thing to do. It also will serve as a
good example for future module-authors.
Also, the fact that root was able to load modules at boot doesn't mean
that root can load modules (and thus kmem is writable) later. :-) Isn't
that the reason we talked about securelevel and capabilities and the
inability to re-enable "capabilities" that we disable towards the end of
boot?
Right.
I'll wait a couple of days and change it.
Thanks,
-e.
Home |
Main Index |
Thread Index |
Old Index