Re: secmodel_securelevel(9) and machdep.svs.enabled

To: Alexander Nasonov <alnsn%yandex.ru@localhost>
Subject: Re: secmodel_securelevel(9) and machdep.svs.enabled
From: Paul Goyette <paul%whooppee.com@localhost>
Date: Fri, 20 Apr 2018 06:56:14 +0800 (+08)


On Thu, 19 Apr 2018, Alexander Nasonov wrote:

When securelevel is set, should be lock 1->0 change for
machdep.svs.enabled (and possibly for other sysctls related
to recent security mitigations)?


Possibly.  At the very least, we should prevent _disabling" the
svs code if securelevel is set.  IMHO.


+------------------+--------------------------+----------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:          |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee dot com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd dot org |
+------------------+--------------------------+----------------------------+

References:
- secmodel_securelevel(9) and machdep.svs.enabled
  - From: Alexander Nasonov

Prev by Date: secmodel_securelevel(9) and machdep.svs.enabled
Next by Date: Significance of softnet/0; softclk/0 etc
Previous by Thread: secmodel_securelevel(9) and machdep.svs.enabled
Next by Thread: Re: secmodel_securelevel(9) and machdep.svs.enabled
Indexes:

Home | Main Index | Thread Index | Old Index