Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 1999-q3

FreeBSD Security Archives: Re: Init(8) cannot decrease securele

Re: Init(8) cannot decrease securelevel

Peter Jeremy (jeremypgsmx07.alcatel.com.au)
Tue, 7 Sep 1999 15:06:02 +1000

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Christian Kuhtz: "Re: Layer 2 ethernet encryption?"
Previous message: KATO Takenori: "Re: Init(8) cannot decrease securelevel"
In reply to: Matthew Dillon: "Re: Init(8) cannot decrease securelevel"
Next in thread: Nick Hibma: "Re: Init(8) cannot decrease securelevel"
Next in thread: Bruce Evans: "Re: Init(8) cannot decrease securelevel"

Matthew Dillon <dillonapollo.backplane.com> wrote:
> If the system winds up in a state where a kernel core cannot be
> generated, DDB is the only way to figure out what is going on.
> securelevel is a mechanism which attempts to guarentee data security,
> at least to a degree.

The problem is that DDB currently allows too much freedom. It
needs to disable various commands as the securelevel is raised.
Working out which commands is the non-trivial exercise - especially
since you can add new ones with DB_COMMAND().

Peter

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Next message: Christian Kuhtz: "Re: Layer 2 ethernet encryption?"
Previous message: KATO Takenori: "Re: Init(8) cannot decrease securelevel"
In reply to: Matthew Dillon: "Re: Init(8) cannot decrease securelevel"
Next in thread: Nick Hibma: "Re: Init(8) cannot decrease securelevel"
Next in thread: Bruce Evans: "Re: Init(8) cannot decrease securelevel"

This archive was generated by hypermail 2.0b3 on Tue Sep 07 1999 - 00:09:43 CDT