Re: Experimental yet interesting securelevel patch :-)

Richard A. Soderberg (richards@dnsi.net)
Wed, 27 Aug 1997 20:40:22 -0700 (PDT)


Sounds like something for Filesystems or General Setup options in
menuconfig.. whatever the similar config options are... I'd do it if I
knew how to do the config file coding (I can't even find the files.)

Richard

On Thu, 21 Aug 1997, Pavel Machek wrote:

> Date: Thu, 21 Aug 1997 17:46:43 +0200
> From: Pavel Machek <pavel@Elf.mj.gts.cz>
> To: Chris Evans <chris@ferret.lmh.ox.ac.uk>
> Cc: linux-kernel@vger.rutgers.edu
> Subject: Re: Experimental yet interesting securelevel patch :-)
>
> Hi!
>
> > Attached is a patch relative to 2.1.48 which should actually enable
> > securelevel to do something useful!!
> >
> > Concepts:
> >
> > The "securelevel" variable now becomes a bitmap. By setting certain bits
> > in this bitmap, various security sensitive operations become denied even
> > to root, eg. removing immutable bits, writing to block devices etc.
> >
> > By setting another key bit, root loses the ability to disable these
> > security measures once enabled (unless he has a modified init). Yet
> > another bit disallows even init from lowering security settings. "No way
> > back" :)
>
> Hmm... I would like to see a compile-time option to disable securelevel
> altogether. It could be quite simple (#define securelevel 0 at a good
> place), and would allow me to kill secureleveling altogether. I do not
> need this kind of security on my desktop! [I hope].
>
> Pavel
>

-- http://www.dnsi.net/
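
The bitmap and the two lock bits described in the quoted proposal, as an added user-space model that is not code from the patch or from anyone in this thread. The bit names, their values and the functions securelevel_set and securelevel_denies are assumptions, since the patch itself is not shown here.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical bit names and values; the patch's real ones are not in this thread. */
#define SL_IMMUTABLE  0x01u  /* deny removing immutable bits, even for root */
#define SL_RAWDISK    0x02u  /* deny writes to block devices, even for root */
#define SL_LOCK_ROOT  0x40u  /* root may no longer clear bits; init (pid 1) still may */
#define SL_LOCK_INIT  0x80u  /* not even init may clear bits: "no way back" */

static unsigned int securelevel;   /* the bitmap; 0 means nothing is restricted */

/* Try to replace the bitmap. Setting extra bits is always allowed for root;
 * clearing any bit is subject to the two lock bits. Returns 0 or -EPERM. */
int securelevel_set(unsigned int new_level, int pid, int is_root)
{
    unsigned int cleared = securelevel & ~new_level;  /* bits being dropped */

    if (!is_root)
        return -EPERM;
    if (cleared) {
        if (securelevel & SL_LOCK_INIT)
            return -EPERM;                 /* nobody may lower */
        if ((securelevel & SL_LOCK_ROOT) && pid != 1)
            return -EPERM;                 /* only init may lower */
    }
    securelevel = new_level;
    return 0;
}

/* Check a sensitive code path would make before proceeding. */
int securelevel_denies(unsigned int op_bit)
{
    return (securelevel & op_bit) != 0;
}

int main(void)
{
    securelevel_set(SL_IMMUTABLE | SL_LOCK_ROOT, 500, 1);
    printf("root lowers: %d\n", securelevel_set(0, 500, 1));
    printf("init lowers: %d\n", securelevel_set(SL_LOCK_ROOT, 1, 1));
    securelevel_set(SL_RAWDISK | SL_LOCK_ROOT | SL_LOCK_INIT, 1, 1);
    printf("init lowers after lock: %d\n", securelevel_set(0, 1, 1));
    return 0;
}
```

The check compares the old and new bitmaps rather than their numeric values, so setting a new bit while dropping another still counts as lowering.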