From owner-freebsd-arch Wed Jul 26 21: 1: 5 2000 Delivered-To: freebsd-arch@freebsd.org Received: from mta5.rcsntx.swbell.net (mta5.rcsntx.swbell.net [151.164.30.29]) by hub.freebsd.org (Postfix) with ESMTP id 71EF837B643 for ; Wed, 26 Jul 2000 21:01:02 -0700 (PDT) (envelope-from chris@holly.calldei.com) Received: from holly.calldei.com ([208.191.149.190]) by mta5.rcsntx.swbell.net (Sun Internet Mail Server sims.3.5.2000.01.05.12.18.p9) with ESMTP id <0FYC000CP89FVQ@mta5.rcsntx.swbell.net> for arch@FreeBSD.ORG; Wed, 26 Jul 2000 22:56:04 -0500 (CDT) Received: (from chris@localhost) by holly.calldei.com (8.9.3/8.9.3) id WAA37368; Wed, 26 Jul 2000 22:54:23 -0500 (CDT envelope-from chris) Date: Wed, 26 Jul 2000 22:54:22 -0500 From: Chris Costello Subject: Re: How much security should ldconfig enforce? In-reply-to: To: John Polstra Cc: arch@FreeBSD.ORG Reply-To: chris@calldei.com Message-id: <20000726225421.G30816@holly.calldei.com> MIME-version: 1.0 Content-type: text/plain; charset=us-ascii User-Agent: Mutt/0.96.4i References: Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wednesday, July 26, 2000, John Polstra wrote: > 1. It could allow anything, just like it did before I made my commit. > > 2. It could strictly enforce secure ownerships, groups, and > permissions -- i.e., keep last night's commit and add group > writability checking too. > > 3. It could default to strictly secure but accept a command-line > option to relax the constraints. And an rc.conf knob could be added > to control whether or not it was strict at boot time. I like the third option. You should be able to shoot yourself in the foot if you _really_ want to. -- |Chris Costello |Those who can, do. Those who cannot, teach. Those who cannot teach, HACK! `--------------------------------------------------------------------------- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message