Date: Fri, 11 Aug 2000 13:13:59 -0600 From: Warner Losh <imp@village.org> To: John Hay <jhay@icomtek.co.za> Cc: mark@grondar.za (Mark Murray), chris@netmonger.net (Christopher Masto), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile Message-ID: <200008111913.NAA36613@harmony.village.org> In-Reply-To: Your message of "Sat, 11 Aug 2000 21:09:38 %2B0200." <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za> References: <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za> John Hay writes: : If we really want to be this paranoid, we should think about removing : all other suid programs from a standard build too. Which ones? The current list that I have shows many, relatievly small ones that have been well audited and are easy to audit. Perl isn't easy to audit, is huge and has the ability to load arbitrary code (iirc). I do like the idea of installing it mode 0, but worry about hozing existing people. But it would be a failsafe way to hoze them rather than the fail unsafe way we might hose them now. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200008111913.NAA36613>