From owner-freebsd-security Thu Apr 16 13:44:39 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id NAA26642 for freebsd-security-outgoing; Thu, 16 Apr 1998 13:44:39 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA26557 for ; Thu, 16 Apr 1998 20:44:27 GMT (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id QAA14229; Thu, 16 Apr 1998 16:43:36 -0400 (EDT) Date: Thu, 16 Apr 1998 16:43:36 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Niall Smart cc: Philippe Regnauld , dima@best.net, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions In-Reply-To: <199804161328.OAA02264@indigo.ie> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk On Thu, 16 Apr 1998, Niall Smart wrote: > On Apr 16, 10:13am, Philippe Regnauld wrote: > } Subject: Re: kernel permissions > > > Preventing things in the eventual (unproven) fear that > > they could be exploited in some way (not necessarily > > security) is, IMHO, "change for the sake of change". > > I'd call this "prudence". I'd call chmod 440 /kernel "over-prudence" > though. :) So, one possible concern might be for US residents that with developed IPsec code in ones kernel (including encryption), ones kernel might no longer be exportable :). We wouldn't want our users grabbing the kernel code to run on their own machine :). (I know, a stretch, but...) Robert N Watson ---- Carnegie Mellon University http://www.cmu.edu/ Trusted Information Systems http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message