Re: Security through Permissiveness: A Zen Riddle? (Crispin Cowan)

From: sarnoldat_private
Date: Fri Jul 13 2001 - 16:45:16 PDT


    On Fri, Jul 13, 2001 at 07:23:26PM -0400, Matt Block wrote:
    > Is there a clear list of projects on which help is needed?
    
    Matt, you will be thrilled to know that there is. :)
    
    A feature from the *BSD kernels that I think would be well-received in
    the Linux camp is the securelevel stuff. Securelevel does different
    things between OpenBSD and FreeBSD (the only two I have used, sorry BSDi
    and NetBSD) but the gist is: no writing to /dev/[k]mem or raw disks,
    immutable and append-only flags are respected, firewall rules are
    immutable, and the time can't be set backward.
    
    This has been something I have been thinking of doing for a little while
    now, but it doesn't look like I will have the time any time soon. It
    seems like a good test of the LSM API -- perhaps in implementing
    securelevel, some new needs might develop.
    
    I'll be happy to let you have the glory if you want to go do it. :)
    
    http://www.openbsd.org/cgi-bin/man.cgi?query=securelevel&sektion=7&format=html
    http://www.freebsd.org/cgi/man.cgi?query=securelevel&apropos=0&sektion=0&manpath=FreeBSD+4.3-RELEASE&format=html
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
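
The restrictions listed in the message above, modelled as a user-space C policy gate of the kind a securelevel module would consult. This is an added example, not code from the post, the LSM project or either BSD; the per-operation levels, the "/dev/rdisk" raw-disk prefix, the raise-only rule and all sl_* names are assumptions made for illustration.

```c
#include <errno.h>
#include <string.h>

/* Restricted operations from the post; all sl_* names are this example's own. */
enum sl_op { SL_OPEN_WRITE, SL_CLEAR_FLAG, SL_FW_CHANGE, SL_SET_TIME, SL_NOPS };

/* Level at which each restriction starts. Assumed values: the post notes
 * that the real levels differ between OpenBSD and FreeBSD. */
static const int sl_min_level[SL_NOPS] = {
    [SL_OPEN_WRITE] = 1, [SL_CLEAR_FLAG] = 1, [SL_FW_CHANGE] = 2, [SL_SET_TIME] = 2,
};

struct sl_state { int level; };   /* 0 = permissive */

/* Assumption of this model: the level may be raised but never lowered. */
int sl_raise(struct sl_state *s, int level)
{
    if (level < s->level)
        return -EPERM;
    s->level = level;
    return 0;
}

/* /dev/mem and /dev/kmem as in the post; "/dev/rdisk" is a hypothetical
 * raw-disk prefix chosen for this example. */
static int sl_protected_dev(const char *path)
{
    return strcmp(path, "/dev/mem") == 0 || strcmp(path, "/dev/kmem") == 0 ||
           strncmp(path, "/dev/rdisk", 10) == 0;
}

/* Returns 0 to allow, -EPERM to deny. path is read only for SL_OPEN_WRITE;
 * now/new_time (seconds) only for SL_SET_TIME. */
int sl_check(const struct sl_state *s, enum sl_op op, const char *path,
             long long now, long long new_time)
{
    if ((unsigned)op >= SL_NOPS)
        return -EINVAL;
    if (s->level < sl_min_level[op])
        return 0;                       /* restriction not yet active */
    if (op == SL_OPEN_WRITE)
        return sl_protected_dev(path) ? -EPERM : 0;
    if (op == SL_SET_TIME)
        return new_time < now ? -EPERM : 0;   /* forward steps stay legal */
    return -EPERM;   /* clearing immutable/append-only flags, firewall changes */
}
```

Every check is a comparison against a single integer that only moves upward, so a root compromise after the level is raised cannot undo the restrictions through the same interface.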
    


