From owner-freebsd-arch Wed Jul 26 23:16:27 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from grimreaper.grondar.za (grimreaper.grondar.za [196.7.18.138])
	by hub.freebsd.org (Postfix) with ESMTP id 9355937C0BF
	for ; Wed, 26 Jul 2000 23:16:06 -0700 (PDT)
	(envelope-from mark@grondar.za)
Received: from grimreaper.grondar.za (localhost [127.0.0.1])
	by grimreaper.grondar.za (8.9.3/8.9.3) with ESMTP id IAA16104;
	Thu, 27 Jul 2000 08:15:49 +0200 (SAST)
	(envelope-from mark@grimreaper.grondar.za)
Message-Id: <200007270615.IAA16104@grimreaper.grondar.za>
To: John Polstra
Cc: arch@FreeBSD.ORG
Subject: Re: How much security should ldconfig enforce?
References:
In-Reply-To: ; from John Polstra "Wed, 26 Jul 2000 19:36:13 MST."
Date: Thu, 27 Jul 2000 08:15:48 +0200
From: Mark Murray
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> Just kidding -- this is about ldconfig. Last night I committed
> some security-related changes that somebody submitted to me. The
> changes make ldconfig refuse to pay attention to directories which are
> world-writable or not owned by root. In the commit message I also
> stated a desire to strengthen it further by disallowing group-writable
> directories.

I thought that was good :-)

> 1. It could allow anything, just like it did before I made my commit.

Not a good idea, but...

> 2. It could strictly enforce secure ownerships, groups, and
> permissions -- i.e., keep last night's commit and add group
> writability checking too.

...your correspondent had a point, however.

> 3. It could default to strictly secure but accept a command-line
> option to relax the constraints. And an rc.conf knob could be added
> to control whether or not it was strict at boot time.

Could it relax constraints on a per-directory basis, so that folk
who want a shared lib dir with *this* privilege *here* can do that?

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org