Re: kern/22142: securelevel does not affect mount

From: Jan Srzednicki (winfried@student.uci.agh.edu.pl)
Date: 08/23/02


Date: Fri, 23 Aug 2002 09:43:15 +0200 (CEST)
From: Jan Srzednicki <winfried@student.uci.agh.edu.pl>
To: Johan Karlsson <johan@FreeBSD.org>

On Thu, 22 Aug 2002, Johan Karlsson wrote:

> Synopsis: securelevel does not affect mount
>
> Responsible-Changed-From-To: freebsd-bugs->freebsd-security
> Responsible-Changed-By: johan
> Responsible-Changed-When: Thu Aug 22 18:41:46 PDT 2002
> Responsible-Changed-Why:
> Lets get -security's opinion about this.
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=22142

I'm afraid changin securelevel's behaviour would break some system schemes
out there, which is rather unwanted thing for -STABLE. One thing we can do
is to wait for MACs in -CURRENT. Maybe a better solution is to add another
sysctl just form mount? Like kern.mount_disabled, which, when set to 1,
cannot be reverted back.

-- 
#- Winfried -------- wrzask@IRCNet -||- GG# 3838383 -||- JS500-RIPE -#
#- w@dream.vg ---- w@303.krakow.pl -||--- http://violent.dream.vg ---#
#- Never underestimate the power of stupid people in large numbers. -#
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message