Anonyma wrote:
> Anonymous wrote:
>
>> Bearing in mind the issues:
>>
>> [http://www.redteam-pentesting.de/adv...a-2005-15.txt]
>>
>> AND Theo's attitude,
>>
>> "Sorry, we are going to change nothing. Securelevels are useless."
>>
>
> Clever Monkey wrote:
>
>> ...and notice that neither of the other platforms had anything better to
>> say on the matter. Clearly no one is going to fix this broken model.
>> Theo is just not bothering to sugar-coat it.
>
> *** Also notice that NetBSD was found to be immune to the problems.
>

To this single problem, you mean.

> *** Also notice that if OpenBSD had chosen to lead the way with some
> type of redesign, other OS's might have followed their lead.
>

Since when?

> *** There is "sugar-coating" and there is defeatism.
>

A bad design is a bad design. Some things may not be worth saving.
This is called "realism". Perhaps migrating to a better way to enforce
policies is better.

Instead of posting this here, why not raise it with OpenBSD (perhaps via
misc@) and get the real answer? It won't be the answer you want and it
may come with some rather forceful explanations, but no one here can do
anything about it.

From my glance at
systrace looks
like a very complete tool. Perhaps you can specify places where
functionality offered by securelevel is not covered by systrace or some
other facility?