Subject: Re: Integrating securelevel and kauth(9)
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Elad Efrat <elad@NetBSD.org>
List: tech-security
Date: 03/25/2006 11:14:30
Jonathan Stone wrote:

> Or alternatively, would you care to address the issue of how to
> replace the aspects of securelevel (guaranteed revocation, for a
> well-defined monotonic set, for all processes now and forevermore) in
> your proposal?

I find it funny that the parts of my message that explicitly explain
this very thing were left out of all of your replies, Jonathan.

> Because, so far, both Thor and I (both fairly expert at building
> hardened, secure systems using (amongst other features) securelevels)
> aren't seeing at all how to accomplish that, not in anything remotely
> like an equivalent, easily-explained, *provably* secure way.

No, not Thor and you, *just* you. You are the only person, for now,
that does not understand how any of this works, and that it will allow
us to do exactly what we're doing today -- except for the case of
multiple knobs, and my original post mentions that very issue, David's
post offered a possible solution, and Bill even commented further.

You are obviously talking about things you didn't even bother to check,
making baseless statements over and over, repeating things that are
completely irrelevant and incorrect.

Did you look at any of the kauth(9) code? Did you look at the man-page
that is available online to learn about the interface? It's my bet that
not only did you not, but that your entire messages are based on more
assumptions, just as you complain about a "kauthd" that does not exist
and was never mentioned by myself or anyone else in any of the kauth(9)
related discussions/man-pages/code.

I suggest, Jonathan, that instead of satisfying your need to argue over
things you are not familiar with, feeding this list with FUD (not to say
lies, because what you say is exactly that: not true), you take a look
at the available code, man-page, and my original post once more, if you
haven't done so already.

As for your suggestion to check other alternatives, you can (again)
wrongly assume and think I didn't; but I suggest you take a look at what
TrustedBSD provides *exactly* (hint: something completely other than
what I am suggesting), and SELinux is simply GPL'd. I have, however,
looked into the FLASK model (as you would've known if you had just read
this thread more carefully) and, again, the kauth(9) work is simply just
not equal to these "alternatives" -- which only strengthens my point that
you might not have any idea of what it is.

-e.

-- 
Elad Efrat