Subject: Re: kauth, securelevel, and "run levels"
To: Elad Efrat <elad@NetBSD.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 03/25/2006 16:52:40
On Sat, Mar 25, 2006 at 09:13:03PM +0200, Elad Efrat wrote:
> Thor Lancelot Simon wrote:
> 
> > 1) We should factor out exactly what operations may allow persistent
> >    compromise, and produce a kauth mask that prohibits them.  This
> >    should correspond to the old "security level 1", plus what should
> >    have gone into level 1, but went into level 2 because I was a dumbass.
> 
> Yes, we already talked about that. I gave you a list of implications of
> securelevel (minus a few) so you can factor out the securelevels the way
> you see fit -- did you do that? :)
> 
> I don't mind doing it myself, but simply because I'm sure we'll divide
> the implications differently I prefer you go ahead and do it first.

Sorry -- I do owe you this.  I will try to get to it as quickly as I
can.  I keep expecting more time to free up for Important NetBSD Tasks;
unfortunately, the rest of my life keeps getting in the way (!).

Thor