Date: Fri, 19 Apr 2002 13:35:57 +0200 From: Poul-Henning Kamp <phk@critter.freebsd.dk> To: Brian Somers <brian@freebsd-services.com> Cc: Garrett Wollman <wollman@lcs.mit.edu>, "J. Mallett" <jmallett@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h Message-ID: <11657.1019216157@critter.freebsd.dk> In-Reply-To: Your message of "Fri, 19 Apr 2002 12:25:12 BST." <200204191125.g3JBPCSg072782@hak.lan.Awfulhak.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <200204191125.g3JBPCSg072782@hak.lan.Awfulhak.org>, Brian Somers wri tes: >I agree with Garrett. This change is *very* broken. > >[...] > >Agreed, a program that does this is broken, but I believe the program >needs to be fixed, not the kernel. While I agree that this change is not quite orthodox, I don't think we can educate the masses of lousy programmers out there to not do stupid things any time soon. I can't think of any programs that will break as a result of this, in particular I cannot think of any setuid programs which it will break. OpenBSD has done this for a couple of years, and that hasn't rid us of Theo so it obviously is not a total catastrophy. Finally, since this has not been discussed on any lists, I would expect this to be in reponse to some tangible threat, (most likely somewhere in ports ?) so we probably don't have much of a choice anyway. So can we avoid giving our security-officer a hard time for doing his job ? Please ? Thankyou! -- Poul-Henning Kamp | UNIX since Zilog Zeus 3.20 phk@FreeBSD.ORG | TCP/IP since RFC 956 FreeBSD committer | BSD since 4.3-tahoe Never attribute to malice what can adequately be explained by incompetence. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?11657.1019216157>