|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Secmodel_bsd44: default to "defer", not "deny"?
From: Elad Efrat (elad
NetBSD.org)
Date: Mon Feb 25 2008 - 16:10:54 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Bill Stouder-Studenmund wrote:
> A default answer of "defer" is more-correct that what happens now. Making
> this change strikes me as the right thing to do. It also will serve as a
> good example for future module-authors.
>
> Also, the fact that root was able to load modules at boot doesn't mean
> that root can load modules (and thus kmem is writable) later. :-) Isn't
> that the reason we talked about securelevel and capabilities and the
> inability to re-enable "capabilities" that we disable towards the end of
> boot?
Right.
I'll wait a couple of days and change it.
Thanks,
-e.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]