Date: Thu, 16 Apr 1998 10:43:53 +0200
From: Arne Henrik Juul <arnej@stud.math.ntnu.no>
To: dima@best.net
Cc: tsprad@set.spradley.tmi.net, louie@TransSys.COM, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
Message-ID: <199804160843.BAA17349@hub.freebsd.org>
In-Reply-To: Your message of "Wed, 15 Apr 1998 23:08:39 -0700 (PDT)"
References: <199804160608.XAA03735@burka.rdy.com>
Dima Ruban wrote:
> Ted Spradley writes:
> > Normal users do not need *not* to have read access to the kernel. If it
> > ain't broke, don't fix it.
>
> I've already given you an example why it shouldn't be like this.

Your argument was not very compelling - you can't say that most, or even many, FreeBSD machines have commercial drivers, much less that they have such drivers with so draconian license agreements that you're not even allowed to have the in-kernel object code readable for normal users. (For what it's worth, I've never heard about such a license agreement, ever, for any piece of software.)

On my machines, I'm mostly logged in as myself, not as root. I think this is a good practice and I'll keep on doing that. I don't *want* to have any special privileges on my normal user, and what's more, I *want* my students to be able to peek around in the system as much as possible, also on the machines where they can't be allowed to have the root password. I *don't* want to have to su root just to do normal things that shouldn't need root access.

I've been inconvenienced by stupid programs being installed without read access for normal users, many times through the years. (I do sysadmin work on a large number of machines with various OS'es.)

I think that if *you* want a read-protected kernel (for reasons that apply to a very small subset of FreeBSD users), *you* should write a config file for mtree that actually helps security, and apply it on *your* machine.

I mean, what's the point of read-protecting the kernel in / without doing the same to /var/db/kvm_kernel.db? Logically, it's much more important to make sendmail unreadable, and modify it so it won't tell its version number to normal users. Or to implement the policy that no setuid programs should be readable for users, since that allows them to inspect the object code for buffer overruns and such. (Assuming the prospective hacker isn't smart enough to go look at the sources to simplify the task :-)

So please, implement whatever policy you want on *your* machine!

- Arne H. Juul
senior engineer, Department of Mathematical Sciences,
Norwegian University of Science and Technology.