Date: Fri, 17 Apr 1998 01:55:05 -0400 From: Matthew Hunt <mph@pobox.com> To: Robert Watson <robert+freebsd@cyrus.watson.org>, Dima Ruban <dima@best.net> Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <19980417015505.15073@mph124.rh.psu.edu> In-Reply-To: <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>; from Robert Watson on Fri, Apr 17, 1998 at 01:45:29AM -0400 References: <199804170519.WAA12540@burka.rdy.com> <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote: > Anyhow, if there is sufficient interest in the project, I'd like to try > and get it off the ground. Presumably, some changes might work their way > back into the default distribution. If we lose no significant > functionality, it cannot hurt to restrict priveledges. It may help us > when those unpredicted vulnerabilities do turn up. It sounds to me like a wothwhile project, even though I would be unlikely to use it myself. I do question the idea of making it part of the ports system, because the idea of ports modifying the base system seems like a considerable departure from the rest of the ports collection. I can't be persuaded that a world-readable kernel can ever present a problem (the real problem would have to be in some other software) and Dima is unlikely to be persuaded to my point of view. I see a pattern in my future: "make install", forget to change the perms to 444, reboot, kick myself (since I run with securelevel=1), swear to remember next time, and repeat the cycle. :-) -- Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon. http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980417015505.15073>