Re: Securelevel bitmap patch

Alan Cox (alan@lxorguk.ukuu.org.uk)
Sun, 29 Mar 1998 21:17:08 +0100 (BST)


> The other stupidity in the BSD stuff is that the securelevel is a global
> variable. That is just _wrong_, as it implies that "init" has no more
> privileges than any randomly started hacker program.

I think, Linus, you simply don't understand the point, design or structure
of the BSD securelevel. Please read some of it again a bit more carefully.
The point of securelevel is to provide a partition of trust and control. It
takes away specific rights root has so as to prevent a user who breaks in
being able to use root rights to invalidate audit trails.

The tie to init btw is basically a convenient place to put such safety
and control. Wiring securelevel to Dongles on parallel ports is also
quite a common setup.

You can certainly argue that bitmaps have their place in this according
to what they are intended to remove. You might even want to set up some
kind of bizarre system where you can revoke the secure levels. It's somewhat
odd although easily done (make one bit the 'irrevocable' bit). The bitmap
extensions make sense to irrevocably remove other defined paths of trust
(like snooping packets).

> In short, securelevels should be
> (a) bitmaps
> (b) per-process

This is capabilities, this is NOT what BSD securelevels are. There was
a Linux capabilities project. It never got merged, it died AFAIK.

> Considering exactly how many truly stupid things the BSD guys have done it
> continually makes me surprised how many people still consider their ideas
> good without thinking too much about them.

For once, Linus, you are busy badmouthing something which you quite visibly
missed the entire point of. The BSD securelevel system does a very specific
job and does it incredibly well.

Alan
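The design the message describes, as an added illustration that is not code from this thread or from any BSD or Linux kernel: a securelevel kept as one global bitmap, where each bit removes a specific root right, bits can be dropped again only until the 'irrevocable' bit is set, and the audit-trail scenario shows why. The bit names, the set/permits API and the append-only check are all hypothetical.

```c
/* Added example, not code from this message or from any BSD or Linux kernel:
 * a toy securelevel kept as one global bitmap, each bit removing a root right,
 * plus the "irrevocable" bit the message mentions. Bit names are hypothetical. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SL_NO_IMMUTABLE_CLEAR 0x01u /* root may not clear append-only/immutable flags */
#define SL_NO_MODULE_LOAD     0x02u /* root may not load kernel modules */
#define SL_NO_PACKET_SNOOP    0x04u /* root may not enable promiscuous mode */
#define SL_IRREVOCABLE        0x80u /* once set, no restriction can ever be dropped */

static uint32_t securelevel; /* one value for the whole system, as in BSD, not per-process */

uint32_t securelevel_get(void) { return securelevel; }

/* True while root still holds the right that `restriction` removes. */
bool securelevel_permits(uint32_t restriction) { return (securelevel & restriction) == 0; }

/* Replace the bitmap. Adding restrictions is always allowed. Dropping one is
 * allowed only while SL_IRREVOCABLE is clear, and SL_IRREVOCABLE itself can
 * never be cleared, so root compromised after boot cannot lower the level. */
bool securelevel_set(uint32_t new_level) {
    uint32_t dropped = securelevel & ~new_level;
    if (dropped & SL_IRREVOCABLE)
        return false;
    if (dropped && (securelevel & SL_IRREVOCABLE))
        return false;
    securelevel = new_level;
    return true;
}

/* Hypothetical audit-trail protection: clearing the append-only flag on a
 * log file is exactly the kind of root right the securelevel takes away. */
bool clear_append_only(const char *path) {
    if (!securelevel_permits(SL_NO_IMMUTABLE_CLEAR)) {
        printf("refused: securelevel forbids clearing append-only on %s\n", path);
        return false;
    }
    printf("cleared append-only on %s\n", path);
    return true;
}

int main(void) {
    clear_append_only("/var/log/messages");                   /* allowed at level 0 */
    securelevel_set(SL_NO_IMMUTABLE_CLEAR | SL_NO_PACKET_SNOOP | SL_IRREVOCABLE);
    clear_append_only("/var/log/messages");                   /* refused */
    printf("lowering: %s\n", securelevel_set(0) ? "ok" : "refused"); /* refused */
    return 0;
}
```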

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu