|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
From: Michael Richardson (mcr
sandelman.ottawa.on.ca)
Date: Thu Jan 26 2006 - 13:05:46 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
>>>>> "Steven" == Steven M Bellovin <smbcs.columbia.edu> writes:
Steven> In principle, this is a fine idea. In practice, figuring
Steven> out the right set of bits is non-trivial. It's not a direct
Steven> analogy, but SGI has 48 different privileges that a process
Steven> can have.
You missed the point of the discussion.
(VMS had the same problem)
It is precisely this point which argues for securelevel being a macro.
Yes, we can argue about which bit is which.
However, the very gross-level of securelevel often causes people to
run without an appropriate securelevel due to a single item. Of course
you can shoot yourself in the foot this way (leaving a hole in the
fence) --- but the alternative is often to have no fence.
- --
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcrxelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
iQEVAwUBQ9kdiYCLcPvd0N1lAQL0cQf/VtqtAHd+5D0mBnJqYKieQHGgmZm2YL0h
fw03FGn351I1oZCyq/Cm9WKiy/YsvOJn1Ih1082vAkhWjyMr82pWpuEdRzJKwpsB
e1YP03dKCNYsrqOcAMMHwPhce4T7SuoIB579gwkSCQn87sA5N73va+mQWov76ezh
Jh14RQZFardz21/1dmBYQR+9QlXqMjqgzdDW38bX7tZb4KdXAQd+0GkrE6pNQekT
J2muJbvZMStZ24aBKDCvE2+0LLe2s3/v1KzgEmktJ1oCMPg7tVOtT5DlMpUI0V07
W/CrNzRL8c+j0gTREtncR5GkvsDe838fh9gg9qmpiO/1nSZQ4POezw==
=9rfj
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]