From owner-freebsd-stable Thu Apr 16 23:56:00 1998
Return-Path:
Received: (from majordom@localhost)
    by hub.freebsd.org (8.8.8/8.8.8) id XAA17575
    for freebsd-stable-outgoing; Thu, 16 Apr 1998 23:56:00 -0700 (PDT)
    (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from spinner.netplex.com.au (spinner.netplex.com.au [202.12.86.3])
    by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id GAA17429;
    Fri, 17 Apr 1998 06:55:29 GMT
    (envelope-from peter@netplex.com.au)
Received: from spinner.netplex.com.au (localhost [127.0.0.1])
    by spinner.netplex.com.au (8.8.8/8.8.8/Spinner) with ESMTP id OAA27954;
    Fri, 17 Apr 1998 14:52:55 +0800 (WST)
    (envelope-from peter@spinner.netplex.com.au)
Message-Id: <199804170652.OAA27954@spinner.netplex.com.au>
X-Mailer: exmh version 2.0.2 2/24/98
To: Matthew Hunt
cc: Robert Watson, Dima Ruban, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
In-reply-to: Your message of "Fri, 17 Apr 1998 01:55:05 -0400." <19980417015505.15073@mph124.rh.psu.edu>
Date: Fri, 17 Apr 1998 14:52:54 +0800
From: Peter Wemm
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

Matthew Hunt wrote:
[..]
> I can't be persuaded that a world-readable kernel can ever present
> a problem (the real problem would have to be in some other software)
> and Dima is unlikely to be persuaded to my point of view. I see
> a pattern in my future: "make install", forget to change the perms
> to 444, reboot, kick myself (since I run with securelevel=1), swear
> to remember next time, and repeat the cycle. :-)

For what it's worth, I strongly disagree with making it 440 as well. It
serves no purpose other than inconveniencing people. I mean, the majority
of the systems would still have /usr/src/sys/compile/SYSNAME/* readable.
What's next? Enforcing restricted permissions on /usr/src? chmod 751 /dev?

How many places do we describe 'nm -p /kernel | sort | more' as part of the
standard procedure for people mailing bug reports? This is rare enough as
it is, and since it's more inconvenient it'll become rarer still.

Cheers,
-Peter
--
Peter Wemm   Netplex Consulting