Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: kauth, securelevel, and "run levels"
From: Thor Lancelot Simon (tlsrek.tjls.com)
Date: Sat Mar 25 2006 - 16:22:30 CST
On Sat, Mar 25, 2006 at 05:17:08PM -0500, Steven M. Bellovin wrote:
> That's where we disagree. I'm concerned not just with assurance for
> the programmer, but for the administrator of such a system. With the
> new scheme, when you set certain flags, do you have a clear
> understanding what is and isn't possible for an attacker? Securelevel
> can be described in a few paragraphs; you know what you're getting
> (modulo code bugs, but that's not what I'm talking about here).
My suggestion is that we ship knob-settings that give you _exactly_
what we used to (claim to ("modulo bugs") ;-)) give you with securelevel 1.
If you decide to go under the hood and change those sets of knob-settings,
then, yes, you're on your own to get it right. But what _we_ ship should
do just what the old code did, from the administrator's point of view.
Thor Lancelot Simon tlsrek.tjls.com
"We cannot usually in social life pursue a single value or a single moral
aim, untroubled by the need to compromise with others." - H.L.A. Hart