Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: The reason for securelevel (was: sysctl knob to let sugid processes dump core (pr 15994))
From: Michael Richardson (mcrsandelman.ottawa.on.ca)
Date: Thu Jan 26 2006 - 13:05:46 CST
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Steven" == Steven M Bellovin <smbcs.columbia.edu> writes:
Steven> In principle, this is a fine idea. In practice, figuring
Steven> out the right set of bits is non-trivial. It's not a direct
Steven> analogy, but SGI has 48 different privileges that a process
Steven> can have.
You missed the point of the discussion.
(VMS had the same problem)
It is precisely this point which argues for securelevel being a macro.
Yes, we can argue about which bit is which.
However, the very gross-level of securelevel often causes people to
run without an appropriate securelevel due to a single item. Of course
you can shoot yourself in the foot this way (leaving a hole in the
fence) --- but the alternative is often to have no fence.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcrxelerance.com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----