>     ipfw allows you to clear counters.  It is a feature that already exists.
> 
>     However, it does not allow you to do it if you are sitting at secure
>     level 3.
> 
>     Why not?  I can't think of any good reason why clearing the counters 
>     should be disallowed when sitting at a higher secure level.  The counters
>     are nothing more than statistics.  Clearing statistics is not a security
>     threat.

I just thought of a bad thing.  If you allowed the counters to be zeroed
(or advanced) at securelevel == 3, then a 'malicious user' could write a
cronjob to continually reset them and cause a DoS attack on the system
(or in the case of advance, reset them to ridiculously high values),
thus filling up the disk.

However, one could argue that *IF* they have root, they could just as
easily fill the disk with garbage and cause the same attack, i.e.:

# dd if=/dev/zero of=/var/log/misc

>     The discussion should simply be about that.  Not all this garbage
>     about adding new features.  There's a feature that does not seem
>     to impact security, secure level disallows it, why?

I'm not convinced there aren't other security implications from zeroing
(or advancing) the counters.


Nate

