Subject: Re: HEADS UP: /etc/sysctl.conf, and rc.conf $defcorename and $securelevel
To: Ty Sarna <tsarna@endicor.com>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-security
Date: 04/09/2000 02:00:16
Date: Sun, 9 Apr 2000 02:00:16 -0400
Cc: tech-security@netbsd.org
Message-ID: <20000409020016.A20849@rek.tjls.com>
Reply-To: tls@rek.tjls.com
References: <955236567.460484@fezzik.endicor.com>
In-Reply-To: <955236567.460484@fezzik.endicor.com>; from tsarna@endicor.com on Sat, Apr 08, 2000 at 11:29:27PM +0000

On Sat, Apr 08, 2000 at 11:29:27PM +0000, Ty Sarna wrote:
> 
> Please note that if you're setting defcorename or securelevel in your
> rc.conf, those settings are now ignored. You can set them in
> /etc/sysctl.conf instead. See the sample file in src/etc.

I think this is an extremely bad idea.  There was no reason to deprecate
the old "securelevel" rc.conf variable except for aesthetics, and that
is *not* enough reason to make a change that could have extremely severe
security implications for sites that don't notice your warning before
they upgrade.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
	"And where do all these highways go, now that we are free?"