Date:      Mon, 7 Jan 2013 17:52:40 -0600
From:      Brooks Davis <brooks@freebsd.org>
To:        jb <jb.1234abcd@gmail.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: What is "negative group permissions"? (Re: narawntapu security run output)
Message-ID:  <20130107235240.GB35700@lor.one-eyed-alien.net>
In-Reply-To: <loom.20121224T162127-822@post.gmane.org>
References:  <201212230805.qBN850Pj083122@narawntapu.narawntapu> <50D7287C.7020802@aldan.algebra.com> <20121223162332.GA38788@pit.databus.com> <CADLo83-iEdD8C=K7qc6_V4CUA=edcOD91Ywz1Tb286wiMyQJLw@mail.gmail.com> <50D86D60.2060506@aldan.algebra.com> <loom.20121224T162127-822@post.gmane.org>


On Mon, Dec 24, 2012 at 03:27:57PM +0000, jb wrote:
> Mikhail T. <mi+thun <at> aldan.algebra.com> writes:
>
> >
> > On 23.12.2012 11:48, Chris Rees wrote:
> > > They involve a lot of thought to get right, as well as chmod g-w on
> > > something where you probably meant chmod go-w is a disastrous but
> > > (perhaps) common error. Chris
> >
> > Well, in (over 20) years of dealing with Unix, I've never made a mistake
> > like that, nor do I understand, how it can be considered "common" ...
> > Got to admit, I was surprised to see it. It made me think, I do not
> > understand something -- or that FreeBSD is becoming overly
> > paternalistic. It turned out to be the latter...
> >
> > I doubt, it is useful. Worse, issuing such warnings routinely, only
> > reinforces the unfortunate misconceptions like the one Barney
> > demonstrated in this thread. When originally added, the check was meant
> > to be off by default:
> > ...
> > perhaps, it should have remained off? Yours,
>
> Those security checks are for a reason - people make mistakes (even a perfect
> guy like you will have a "head in a brown bag" time).
> It is better to get a heads-up, then think about it and turn it off (customize)
> if considered unneeded.

This specific check is there and on by default because you CAN NOT rely
on negative group permissions unless you never use more than 14 groups
or never use NFS.  The check is a compromise I implemented as part of
the switch to allowing a large number of groups per user (technically
per-process).  Users who wish to use them and know what they are doing
can easily turn it off.

IIRC the reason it was off by default to start with is that I wanted to
MFC it but it's been a long time so I'm no longer certain.

-- Brooks
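
Added example, not part of the message above and not FreeBSD's own check: a Python illustration of what a "negative group permission" mode is (the "other" class holds a bit the "group" class lacks) and of why it stops denying access once the checking side sees a shortened group list. The uid/gid values, the helper names and the modelling of the cut-off as a plain list slice are assumptions for illustration; the figure 14 is taken from the message.

```python
import os
import stat
import tempfile

def is_negative_group_mode(mode):
    """True if 'other' holds any r/w/x bit that 'group' lacks."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return bool(other_bits & ~group_bits)

def effective_bits(mode, file_uid, file_gid, uid, gids):
    """POSIX class selection: owner, else group, else other (no fall-through)."""
    if uid == file_uid:
        return (mode >> 6) & 0o7
    if file_gid in gids:
        return (mode >> 3) & 0o7
    return mode & 0o7

def find_negative_group_perms(root):
    """Return sorted paths of regular files and directories with such modes."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks
            if (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)) \
                    and is_negative_group_mode(st.st_mode):
                hits.append(path)
    return sorted(hits)

def demo():
    # Constructed sample: uid 1001 belongs to 20 groups; gid 5019 is the
    # "denied" group on a file with mode 0604 (group ---, other r--).
    gids = list(range(5000, 5020))
    full = effective_bits(0o604, 0, 5019, 1001, gids)
    # Assumption: the checking side only sees the first 14 groups.
    truncated = effective_bits(0o604, 0, 5019, 1001, gids[:14])
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("deny-group", 0o604), ("normal", 0o640)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        found = [os.path.basename(p) for p in find_negative_group_perms(root)]
    return full, truncated, found

if __name__ == "__main__":
    print(demo())
```

With the full group list the user lands in the group class and gets no bits; with the shortened list the same user falls through to "other" and gets read access, which is the situation the check warns about.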



