Kernel-loadable Root Kits
David Schultz
das at FreeBSD.ORG
Wed Sep 29 16:50:44 PDT 2004
On Wed, Sep 29, 2004, David Pick wrote:
> 6) securelevel *is* a great thing but sysadmins are tied to the
> hierarchy of levels chosen by the project, and one size does *not*
> fit all. As a more general mechanism I would suggest that there
> is a kernel-build option for *each* facility that can be locked
> by securelevel, which geves the level at which that facility
> becomes locked.
Great idea. See mac(4).
More information about the freebsd-security
mailing list