Subject: Sysctls vs. securelevel (was Re: Volunteers to test some kernel
To: Simon J. Gerraty <sjg@quick.com.au>
From: Todd Vierling <tv@pobox.com>
List: tech-kern
Date: 06/15/1999 10:53:30
On Wed, 16 Jun 1999, Simon J. Gerraty wrote:
: Just to clarify, I meant that you could not (by any means) make a file
: executable while the system is running at whatever secure-level turns
: your feature on and you clear execute permissions when a file is
: written to. It would not need to be single-user, except that you
: cannot lower secure-level once raised so it might as well be
: single-user that you go to to chmod +x.
This brings up an interesting point. We probably should take features like
this and make them one-way sysctls, so that there isn't too much assumed
about what's in a `securelevel'. In fact, I'd venture to suggest that much
of the current `securelevel' functionality would be better implemented by
sysctls that are one-way settings (reset only at reboot).
Or, there could be a `securelevel' with exactly two states (0 and 1), where
`0' indicates two-way security switch sysctls, and `1' indicates one-way
settings.
--
-- Todd Vierling (tv@pobox.com)