Date:      Wed, 24 Nov 1999 17:05:23 +0800
From:      Peter Wemm <peter@netplex.com.au>
To:        Warner Losh <imp@village.org>
Cc:        Poul-Henning Kamp <phk@critter.freebsd.dk>, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject:   Re: ps on 4.0-current 
Message-ID:  <19991124090523.9689C1C6D@overcee.netplex.com.au>
In-Reply-To: Message from Warner Losh <imp@village.org>  of "Wed, 24 Nov 1999 01:01:33 MST." <199911240801.BAA19058@harmony.village.org> 

Warner Losh wrote:
> In message <31375.943401255@critter.freebsd.dk> Poul-Henning Kamp writes:
> : Warner ?

[.. reasons for and against ..]

> Not all will agree with this, and it is a change from the past so
> there needs to be a sysctl to control this.  And given that it is a
> radical change from the past, it needs to default to open.
> 
> Warner

Without wanting to get "please send patches" (I fear sysinstall as much as
anyone), I think it would be really nice to create a place where we can set
a default 'security profile' or something which arranges for these sorts
of things to be set according to the role of the machine.

For example, in "workstation" mode, the reasonable default is "open",
because typically there is one user on the box (other than root) and that
person has root access.  Excessively hiding info from that user just means
that they'll have to use root more, or will give up the idea of using a mortal
user entirely and run everything as root (a Really Bad idea, think of Windoze
and viruses etc etc).

In a dedicated server role, again it might be appropriate to default it to
"open" (dedicated server being something like a squid box), again there will be
a couple of sysadmin type users or people who have to monitor things.  Hiding
information gains nothing there either.

In other roles, including something like a shell server box with presumably
hostile users (you reasonably have to assume this), you want everything you
possibly can to be locked down.

Oh for ACLs, privilege attributes, etc.  It would solve this sort of thing
nicely so that you could allow admin users to see what's going on
(including a ps -ax and see what the users are running) without having to
constantly (ab)use root and the dangers of overusing that.

Cheers,
-Peter


