Message-Id: <200008111913.NAA36613@harmony.village.org>
To: John Hay
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Cc: mark@grondar.za (Mark Murray), chris@netmonger.net (Christopher Masto), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
In-reply-to: Your message of "Sat, 11 Aug 2000 21:09:38 +0200." <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za>
References: <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za>
Date: Fri, 11 Aug 2000 13:13:59 -0600
From: Warner Losh

In message <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za> John Hay writes:
: If we really want to be this paranoid, we should think about removing
: all other suid programs from a standard build too.

Which ones? The current list that I have shows many, relatively small ones that have been well audited and are easy to audit. Perl isn't easy to audit, is huge and has the ability to load arbitrary code (iirc).

I do like the idea of installing it mode 0, but worry about hosing existing people. But it would be a failsafe way to hose them rather than the fail unsafe way we might hose them now.

Warner