From owner-freebsd-stable Thu Apr 16 16:08:51 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id QAA06938
          for freebsd-stable-outgoing; Thu, 16 Apr 1998 16:08:51 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from ocean.campus.luth.se (ocean.campus.luth.se [130.240.194.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA06733;
          Thu, 16 Apr 1998 23:08:13 GMT
          (envelope-from karpen@ocean.campus.luth.se)
Received: (from karpen@localhost)
          by ocean.campus.luth.se (8.8.8/8.8.8) id BAA15315;
          Fri, 17 Apr 1998 01:02:22 +0200 (CEST)
          (envelope-from karpen)
From: Mikael Karpberg
Message-Id: <199804162302.BAA15315@ocean.campus.luth.se>
Subject: Re: kernel permissions
In-Reply-To: from Ted Spradley at "Apr 16, 98 05:21:06 pm"
To: tsprad@set.spradley.tmi.net (Ted Spradley)
Date: Fri, 17 Apr 1998 01:02:22 +0200 (CEST)
Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
X-Mailer: ELM [version 2.4ME+ PL32 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

According to Ted Spradley:
> > Excuse me? What are they (users) going to do with kernel name list
> > besides attempting to hack your machine?
>
> No, you've missed Mr. Tweten's point. You don't get to ask. *You* have
> to prove that there's *nothing* else they could get from reading the
> kernel.
>
> Furthermore, it's not obvious to me what they could get from reading it
> that would allow them to "hack your machine".
>
> > They can't really use it anyway.
>
> It would be a nuisance to me if I had to su root to do the "strings
> /kernel | grep '^___' " thing.

You don't have to, just chmod it once.

Quite frankly, why don't you all spend your energies doing something sane
instead of going on and on about this? And I have to agree with Dima, the
more secure the better. Wanna hear a really good argument?
It's easy to forget to frob all the 1000 small knobs that "you can frob on
YOUR machine if you want it secure". It's however quite easy to remember to
chmod it when you or one of your users gets annoyed at not being able to
read it. It annoys you the first time, but you su, chmod, and exit. Nothing
more to it. You simply will not forget to, because it will not let you.

I definitely don't mind a change that doesn't affect any programs
negatively, if it has a chance of making the system at least a bit more
secure.

  /Mikael