From owner-freebsd-arch Thu Jul 27 5:53:22 2000 Delivered-To: freebsd-arch@freebsd.org Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id B2F9A37B51D for ; Thu, 27 Jul 2000 05:53:18 -0700 (PDT) (envelope-from nbm@sunesi.net) Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 13Hn9b-000C53-00; Thu, 27 Jul 2000 14:52:47 +0200 Date: Thu, 27 Jul 2000 14:52:47 +0200 From: Neil Blakey-Milner To: "Jacques A. Vidrine" Cc: John Polstra , arch@freebsd.org Subject: Re: How much security should ldconfig enforce? Message-ID: <20000727145247.A46416@mithrandr.moria.org> References: <20000727075027.C8974@hamlet.nectar.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: <20000727075027.C8974@hamlet.nectar.com>; from n@nectar.com on Thu, Jul 27, 2000 at 07:50:27AM -0500 Organization: Sunesi Clinical Systems X-Operating-System: FreeBSD 3.3-RELEASE i386 X-URL: http://rucus.ru.ac.za/~nbm/ Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Thu 2000-07-27 (07:50), Jacques A. Vidrine wrote: > On Wed, Jul 26, 2000 at 07:36:13PM -0700, John Polstra wrote: > > 3. It could default to strictly secure but accept a command-line > > option to relax the constraints. And an rc.conf knob could be added > > to control whether or not it was strict at boot time. > > I like this option, but the knob should be compile-time, IMHO. Why? You expect someone to check out sources and recompile the program to make it secure when you can instead use a command line option? Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message