From owner-freebsd-security  Mon Nov 16 10:50:47 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA15592
          for freebsd-security-outgoing; Mon, 16 Nov 1998 10:50:47 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from rover.village.org (rover.village.org [204.144.255.49])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA15541
          for <freebsd-security@freebsd.org>; Mon, 16 Nov 1998 10:50:36 -0800 (PST)
          (envelope-from imp@village.org)
Received: from harmony [10.0.0.6] 
	by rover.village.org with esmtp (Exim 1.71 #1)
	id 0zfTiv-0001lv-00; Mon, 16 Nov 1998 11:50:05 -0700
Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.1/8.8.3) with ESMTP id LAA05146; Mon, 16 Nov 1998 11:49:27 -0700 (MST)
Message-Id: <199811161849.LAA05146@harmony.village.org>
To: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
Subject: Re: Would this make FreeBSD more secure? 
Cc: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-security@FreeBSD.ORG
In-reply-to: Your message of "Mon, 16 Nov 1998 12:59:09 +0100."
		<19981116125909.A28486@internal> 
References: <19981116125909.A28486@internal>  <19981116072937.E969@internal> <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <19981115192224.A29686@internal> <199811152210.PAA01604@harmony.village.org> <199811160658.XAA01912 < 
Date: Mon, 16 Nov 1998 11:49:27 -0700
From: Warner Losh <imp@village.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In message <19981116125909.A28486@internal> Andre Albsmeier writes:
: That is exactly my opinion. I think a program should run with the
: minimum privileges it really needs to and not more.

I still think that it is a lot of effort for just one or two
programs.  xlock and xlockmore (basically the same program) are the
only two programs that I'm aware of that need to access the password
file and not change the uid of the process.  Where are the rest of the
half dozen :-)...

Warner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message