Subject: Re: Sysctls vs. securelevel (was Re: Volunteers to test some kernel code...)
To: Todd Vierling <tv@pobox.com>
From: Bill Studenmund <wrstuden@nas.nasa.gov>
List: tech-kern
Date: 06/15/1999 11:47:09
On Tue, 15 Jun 1999, Todd Vierling wrote:

> On Tue, 15 Jun 1999, Bill Studenmund wrote:
> 
> : I think a tri-state secure level is fine (0, 1, 2), but I DO like the idea
> : of one-way sysctls's.
> 
> Well, if the security functionality is based on sysctls, what does a
> tri-state securelevel do?  ;)

Good question.

Actually, I'm going to digress a little. What I'd love to see is
securelevel stay a slider, and the sysctls control what gets turned on at
different levels. I think the tree levels we have, "wide open," "snippy,"
and "anal," are fine. With sysctls, an admin can set what's turned on at
the different levels.

Admittedly one sysadmin could set securelevel 1 to be as picky as what the
defaults set to secure level 2.

Not sure how practical these thoughts are, but there they are. :-)

Take care,

Bill