Message-Id: <199805311222.FAA07750@implode.root.com>
To: Terry Lambert
cc: abial@nask.pl (Andrzej Bialecki), freebsd-hackers@FreeBSD.ORG
Subject: Re: Signed executables, safe delete etc.
In-reply-to: Your message of "Sun, 31 May 1998 09:34:54 -0000." <199805310934.CAA19826@usr04.primenet.com>
From: David Greenman
Reply-To: dg@root.com
Date: Sun, 31 May 1998 05:22:28 -0700

>> You can wonder what all this is for: it helps to ensure that no element of
>> the system has been changed without you knowing it. It could be performed
>> during startup of the system, and/or just before executing each binary (as
>> far as I understand it, ELF allows to put pretty arbitrary sections into
>> the binary). Moreover, this helps to ensure that the system won't boot
>> without proper authorization, and even if someone steals it, it could
>> refuse to give in (this would require encrypting the disk contents, of
>> course - that's why I said about bootblocks...).
>
>VMS will not mark an executable as executable unless the VMS linker is
>the program that created the file.
>
>In general, the VMS mechanism prevents programs without SYSPRIV from
>generating programs that can be loaded as executable. The mechanism
>prevents the common case in BSD-land of LISP and other binaries that
>extend the data space of executables with code.
>
>Typically, this is a bad trade-off, favoring security over usability.

   Terry, sometimes I think we exist in different realities. First of all,
any user can set a file as executable in VMS. It does not require any special
privileges. Second, there is no "SYSPRIV" privilege. There is a "SYSPRV"
privilege, however, that allows the holder to access system resources as if he
had a system UIC. One does not have to have a system UIC to change file
permissions (including the executable flag); all one needs is to be the owner
of the file - just like it is in Unix. Third, LISP works just fine in VMS,
including dynamic compilation and process extension.

-DG

David Greenman
Co-founder/Principal Architect, The FreeBSD Project