Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 17 Apr 1998 01:55:05 -0400
From:      Matthew Hunt <mph@pobox.com>
To:        Robert Watson <robert+freebsd@cyrus.watson.org>, Dima Ruban <dima@best.net>
Cc:        stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject:   Re: kernel permissions
Message-ID:  <19980417015505.15073@mph124.rh.psu.edu>
In-Reply-To: <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>; from Robert Watson on Fri, Apr 17, 1998 at 01:45:29AM -0400
References:  <199804170519.WAA12540@burka.rdy.com> <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:

> Anyhow, if there is sufficient interest in the project, I'd like to try
> and get it off the ground.  Presumably, some changes might work their way
> back into the default distribution.  If we lose no significant
> functionality, it cannot hurt to restrict priveledges.  It may help us
> when those unpredicted vulnerabilities do turn up.  

It sounds to me like a wothwhile project, even though I would be
unlikely to use it myself.  I do question the idea of making it
part of the ports system, because the idea of ports modifying the
base system seems like a considerable departure from the rest of
the ports collection.

I can't be persuaded that a world-readable kernel can ever present
a problem (the real problem would have to be in some other software)
and Dima is unlikely to be persuaded to my point of view.  I see
a pattern in my future: "make install", forget to change the perms
to 444, reboot, kick myself (since I run with securelevel=1), swear
to remember next time, and repeat the cycle. :-)

-- 
Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980417015505.15073>