From owner-freebsd-chat  Tue Feb  6  0:40:20 2001
Delivered-To: freebsd-chat@freebsd.org
Received: from hand.dotat.at (sfo-gw.covalent.net [207.44.198.62])
	by hub.freebsd.org (Postfix) with ESMTP id 5F5E837B401
	for <freebsd-chat@freebsd.org>; Tue,  6 Feb 2001 00:40:03 -0800 (PST)
Received: from fanf by hand.dotat.at with local (Exim 3.20 #3)
	id 14Q3dx-000GC3-00; Tue, 06 Feb 2001 08:38:33 +0000
Date: Tue, 6 Feb 2001 08:38:33 +0000
From: Tony Finch <dot@dotat.at>
To: Terry Lambert <tlambert@primenet.com>
Cc: Brett Glass <brett@lariat.org>,
	Rahul Siddharthan <rsidd@physics.iisc.ernet.in>,
	freebsd-chat@FreeBSD.ORG
Subject: Re: UNIX-like approach to software and system architecture
Message-ID: <20010206083833.Z70673@hand.dotat.at>
References: <4.3.2.7.2.20010204080917.049ecca0@localhost> <200102060328.UAA08814@usr08.primenet.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200102060328.UAA08814@usr08.primenet.com>
Organization: Covalent Technologies, Inc
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Terry Lambert <tlambert@primenet.com> wrote:
>
>Actually, SCO had a fix for this a long time ago, where they
>had the ability to permit particular programs to do things,
>like bind reserved ports, as an attribute of the program (VMS
>did this too, with its concept of "installed images"), and
>not require that such programs run as root.  Adding this
>feature to FreeBSD would go a long way toward resolving the
>"root exploit" problem.

That's what TrustedBSD is all about.

Tony.
-- 
f.a.n.finch    fanf@covalent.net    dot@dotat.at
"Well, as long as they can think we'll have our problems.
But those whom we're using cannot think."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message