From: Peter Wemm <peter@netplex.com.au>
To: Warner Losh
Cc: Poul-Henning Kamp, freebsd-current@FreeBSD.ORG, security@FreeBSD.ORG
Subject: Re: ps on 4.0-current
In-Reply-To: Message from Warner Losh of "Wed, 24 Nov 1999 01:01:33 MST." <199911240801.BAA19058@harmony.village.org>
Date: Wed, 24 Nov 1999 17:05:23 +0800
Message-Id: <19991124090523.9689C1C6D@overcee.netplex.com.au>

Warner Losh wrote:
> In message <31375.943401255@critter.freebsd.dk> Poul-Henning Kamp writes:
> : Warner ?
[.. reasons for and against ..]
> Not all will agree with this, and it is a change from the past so
> there needs to be a sysctl to control this. And given that it is a
> radical change from the past, it needs to default to open.
>
> Warner

Without wanting to get "please send patches" (I fear sysinstall as much as anyone), I think it would be really nice to create a place where we can set a default 'security profile' or something which arranges for these sorts of things to be set according to the role of the machine.

For example, in "workstation" mode, the reasonable default is "open", because typically there is one user on the box (other than root) and that person has root access. Excessive hiding of info from that user just means that they'll have to use root more, or will give up the idea of using a mortal user entirely and run everything as root (a Really Bad idea, think of Windoze and viruses etc etc).
In a dedicated server role, again it might be appropriate to default it to "open" (dedicated server being something like a squid box); again there will be a couple of sysadmin-type users or people who have to monitor things. Hiding information gains nothing there either.

In other roles, including something like a shell server box with presumably hostile users (you reasonably have to assume this), you want everything you possibly can to be locked down.

Oh for ACLs, privilege attributes, etc. It would solve this sort of thing nicely so that you could allow admin users to see what's going on (including a ps -ax to see what the users are running) without having to constantly (ab)use root and the dangers of overusing that.

Cheers,
-Peter