Re: It's not cool to change security-related sysctl names

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: It's not cool to change security-related sysctl names
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Fri, 18 Jan 2013 00:50:58 +0100

Le 16/01/13 17:25, Thor Lancelot Simon a écrit :

Between NetBSD 5 and NetBSD 6, the name of the 'curtain' sysctl was
changed with no backwards compatibility.

The result is that systems upgraded to NetBSD 6, which set curtain in
/etc/sysctl.conf, like so:

security.models.bsd44.curtain=1

Will now fail to do so.  If their admins don't notice the warning message
at boot time, the system will come up and run but sensitive data may be
disclosed (presumably if people set curtain in sysctl.conf, they have good
reason for doing so).

This is not cool.  It might actually warrant an advisory.

I can't remember the exact details behind, however the curtain (andsecurelevel BTW) sysctls were used through "security.curtain" and"kern.securelevel" as shown in security(7). So it seems that thisregression went unnoticed.

When this change was made (securelevel and curtain moving to the'extensions' secmodel(9)), the old sysctls remained but not the 'bsd44'ones.


Left over on my side. I'll fix it and ask for a pullup, sorry.

--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: It's not cool to change security-related sysctl names
  - From: Jean-Yves Migeon

References:
- It's not cool to change security-related sysctl names
  - From: Thor Lancelot Simon

Prev by Date: It's not cool to change security-related sysctl names
Next by Date: Re: It's not cool to change security-related sysctl names
Previous by Thread: It's not cool to change security-related sysctl names
Next by Thread: Re: It's not cool to change security-related sysctl names
Indexes:

Home | Main Index | Thread Index | Old Index