Date: Fri, 17 Apr 1998 00:54:08 -0400
From: Matthew Hunt
To: dima@best.net
Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions

On Thu, Apr 16, 1998 at 08:40:22PM -0700, Dima Ruban wrote:

> 1. Debugging symbols and symbol table - user doesn't need that.
> 2. Possible kernel configuration - questionable.
> 3. Kernel namelist - user doesn't need that.
> 4. Kernel copy with possible commercial stuff - user doesn't need that.
> 5. Kernel copy with possible restricted/crypto - user doesn't need that.

My complaint, and I think the general complaint of people disagreeing with you, is that you are not setting policy at your site, you are setting policy on all FreeBSD boxes, as-shipped. Why are you in a position to decide what users, at thousands of sites besides your own, do or do not need to know? Many of the arguments you have made could be applied to making /bin/ls mode 111 as well, since nobody *needs* to look at that.

There is a heritage, or inertia, that says we should keep things like they are, unless there is a clear reason to do otherwise. You, therefore, are the one in the position to justify the change, and it does not seem to me like you have done so.

My $0.02.

-- 
Matthew Hunt * Stay close to the Vorlon.
http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.