Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: None <tech-security@netbsd.org, tech-kern@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 10/24/2000 13:36:47
Message-ID: <20001024133647.A7740@rek.tjls.com>
Reply-To: tls@rek.tjls.com
References: <Pine.WNT.4.21.0010241054380.709-100000@a28043.net.slk.com>
In-Reply-To: <Pine.WNT.4.21.0010241054380.709-100000@a28043.net.slk.com>; from jlindgren@slk.com on Tue, Oct 24, 2000 at 11:05:38AM -0400

On Tue, Oct 24, 2000 at 11:05:38AM -0400, Jon Lindgren wrote:
> I began a discussion a day or so ago on port-sparc and netbsd-help
> regarding setting up a firewall with r/o local disks (specifically, using
> a CD to boot, and allowing _no_ local writes to the disk).
> 
> After many suggestions on how to accomplish this, a suggestion was made as
> to a theoretical securelevel 3 where not much at all can be changed (no
> ipf rules added, etc...).

I don't at all understand what's "theoretical" about this, or what
enhancements would be required.  The policy enforced at securelevel
2 was designed and implemented *specifically* for this purpose and
AFAICT works fine.  If you don't understand how to use it to achieve your
goal, I suggest that you really shouldn't be tinkering with the system's
security model.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	the effort to perceive simply the cruel radiance of what is