tech-security archive


It's not cool to change security-related sysctl names



Between NetBSD 5 and NetBSD 6, the name of the 'curtain' sysctl was
changed with no backwards compatibility.

The result is that systems upgraded to NetBSD 6, which set curtain in
/etc/sysctl.conf, like so:

security.models.bsd44.curtain=1

Will now fail to do so.  If their admins don't notice the warning message
at boot time, the system will come up and run but sensitive data may be
disclosed (presumably if people set curtain in sysctl.conf, they have good
reason for doing so).

This is not cool.  It might actually warrant an advisory.

-- 
 Thor Lancelot Simon                                          
tls%panix.com@localhost

        It's very complicated.  It's very cumbersome.  There's a
        lot of numbers involved with it.
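
A check for the failure mode described in this message, added here as an example and not part of the original post: it lists every variable assigned in a sysctl.conf-style file that the kernel does not recognise. The function names, the `KNOWN_NAMES` override and the sample data are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original post.

# knows_sysctl NAME: succeed if NAME exists. If KNOWN_NAMES names a file of
# variable names (one per line) it is consulted instead of the kernel, so the
# check can run offline; KNOWN_NAMES is an assumption of this example.
knows_sysctl() {
    if [ -n "${KNOWN_NAMES:-}" ]; then
        grep -Fqx -- "$1" "$KNOWN_NAMES"
    else
        sysctl -n "$1" >/dev/null 2>&1
    fi
}

# unknown_sysctls FILE: print each variable assigned in FILE that does not
# exist, i.e. each setting that would not be applied at boot.
unknown_sysctls() {
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*\([^=[:space:]]*\)[[:space:]]*=.*/\1/p' "$1" |
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        knows_sysctl "$name" || printf '%s\n' "$name"
    done
}

# demo: run the check on constructed data.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample sysctl.conf' \
        'kern.maxfiles=4096' \
        'security.models.bsd44.curtain=1   # the line quoted in the post' \
        > "$dir/sysctl.conf"
    # Constructed name list standing in for a kernel without the old name.
    printf '%s\n' 'kern.maxfiles' 'kern.hostname' > "$dir/known"
    KNOWN_NAMES="$dir/known"
    unknown_sysctls "$dir/sysctl.conf"
    unset KNOWN_NAMES
    rm -rf "$dir"
}

demo
```

On a real host, run `unknown_sysctls /etc/sysctl.conf` with `KNOWN_NAMES` unset after an upgrade; any name it prints is a setting that is not in effect.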

