Subject: The reason for securelevel
To: None <tech-security@NetBSD.org, tech-kern@NetBSD.org>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: tech-kern
Date: 01/25/2006 22:36:42
The reason we have securelevel is for *assurance*. Theoretically, we
don't need it; after all, we could set up our systems so that only root
can do certain things, and all we have to do is keep the bad guy from
becoming root.
Of course, as we've learned that's easier said than done. They do
crack root, with depressing regularity. Securelevel is the extra
protection for certain systems. Doing things that weaken that
protection is a bad idea.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb