[nycbug-talk] security advisory
N.J. Thomas
njt
Thu Jan 19 09:43:34 EST 2006
* michael <lists at genoverly.net> [2006-01-19 08:40:33 -0500]:
> > A recently announced weakness in the BSD securelevel system isn't
> > going to be fixed in OpenBSD.
>
> > No fix will be released for OpenBSD. To quote Theo de Raadt: "Sorry,
> > we are going to change nothing. Securelevels are useless."
>
> Does anyone here take exception to what Jason Miller has written?

I evaluated using securelevels for FreeBSD 5 about a year ago and
decided not to use it because there were too many potential ways to
circumvent it, so I am somewhat inclined to agree with de Raadt in
saying that securelevels are useless.

Why they don't remove it altogether is a good question. My guess is that
it is easier to leave those chunks of code in the OS rather than tear
them out?

I wish I had the list with me that I found back then -- it was just a
bunch of different ways to get around chflag'd files. I googled for it
right now but couldn't find it.

Thomas
--
N.J. Thomas
njt at ayvali.org
Etiamsi occiderit me, in ipso sperabo