Subject: Re: security sysctl? (was: r/o filesystem restrictions for firewall?)
To: Andrew Brown <atatat@atatdot.net>
From: Jon Lindgren <jlindgren@slk.com>
List: tech-kern
Date: 10/24/2000 11:51:50
On Tue, 24 Oct 2000, Andrew Brown wrote:
> >This was furthered into using sysctl's to accomplish the same
> >results... having a security section with knobs to frob which turn
> >different features (such as allowing ipf or ipnat rules to be added,
> >etc...). And of course, after that, making the security section
> >read-only, so if one cracks the box certain features can't be re-enabled.
>
> no...you misunderstood me. the "last" security knob would mark the
> *entire* sysctl mib as read-only wrt userland, not just the security
> mib.
>
> i envisioned adjusting whatever needed to be adjusted, and then
> closing the box.
Even better ;-)
-Jon
--------------------------------------------------------------------
"Trout are freshwater fish, and have underwater weapons."
"Zing, zing zing zing!"
"Keep away from the trout."
-- The opinions expressed are not necessarily those of my employer --
"Who stole my lawn?"