From mkuntic@mioc.hr  Tue Mar 25 05:07:22 2003
Return-Path: <mkuntic@mioc.hr>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 83FF637B401
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Mar 2003 05:07:22 -0800 (PST)
Received: from zagreb.mioc.hr (zagreb.mioc.hr [193.198.200.3])
	by mx1.FreeBSD.org (Postfix) with ESMTP id BE04243F3F
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 25 Mar 2003 05:07:21 -0800 (PST)
	(envelope-from mkuntic@mioc.hr)
Received: from mkuntic by zagreb.mioc.hr with local (Exim 4.12)
	id 18xo9A-00043G-00
	for FreeBSD-gnats-submit@freebsd.org; Tue, 25 Mar 2003 14:07:20 +0100
Message-Id: <E18xo9A-00043G-00@zagreb.mioc.hr>
Date: Tue, 25 Mar 2003 14:07:20 +0100
From: Marko Kuntic <mkuntic@mioc.hr>
Reply-To: Marko Kuntic <mkuntic@mioc.hr>
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: securelevel granularity
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         50273
>Category:       kern
>Synopsis:       securelevel granularity
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 25 05:10:11 PST 2003
>Closed-Date:    Tue Mar 25 08:19:45 PST 2003
>Last-Modified:  Tue Mar 25 08:19:45 PST 2003
>Originator:     Marko Kuntic
>Release:        FreeBSD 5.0-RELEASE-p6 i386
>Organization:
XV. gimnazija
>Environment:
System: FreeBSD 5.0-RELEASE-p6 i386
>Description:
Securelevels consist of different security measures lumped together. A more
useful approach would be to enable the administrator to set various measures
individually; for example, one may wish not to allow modules to be loaded or
unloaded, but at the same time allow the immutable flag to be unset from
files. The existing mechanism makes such differentiation impossible.
>How-To-Repeat:
>Fix:
Instead of providing securelevels, provide ON/OFF switches for individual
security measures, or, at least, provide these switches within the context of
existing securelevels.
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: keramida 
State-Changed-When: Tue Mar 25 08:16:40 PST 2003 
State-Changed-Why:  
This is not really a bug, but it's a nice idea.  In fact, it's so 
nice that Robert Watson and his TrustedBSD wraiths^W^H folks have 
brought us access lists and policies in FreeBSD 5.0-CURRENT :)

It's no use trying to make securelevels fine-grained now that 
FreeBSD has ACLs and policies. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=50273 
>Unformatted:
