From owner-freebsd-arch  Thu Jul 27  6:45:13 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from midget.dons.net.au (daniel.lnk.telstra.net [139.130.137.70])
	by hub.freebsd.org (Postfix) with ESMTP id CF2A737B869
	for <arch@freebsd.org>; Thu, 27 Jul 2000 06:45:06 -0700 (PDT)
	(envelope-from darius@guppy.dons.net.au)
Received: from guppy.dons.net.au (guppy.dons.net.au [203.31.81.9])
	by midget.dons.net.au (8.9.3/8.9.1) with ESMTP id XAA37652;
	Thu, 27 Jul 2000 23:14:37 +0930 (CST)
	(envelope-from darius@guppy.dons.net.au)
Received: (from darius@localhost)
	by guppy.dons.net.au (8.9.3/8.9.3) id XAA02286;
	Thu, 27 Jul 2000 23:14:27 +0930 (CST)
	(envelope-from darius)
Message-ID: <XFMail.000727231427.darius@dons.net.au>
X-Mailer: XFMail 1.4.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20000727083920.A9036@hamlet.nectar.com>
Date: Thu, 27 Jul 2000 23:14:27 +0930 (CST)
From: "Daniel O'Connor" <darius@dons.net.au>
To: "Jacques A. Vidrine" <n@nectar.com>
Subject: Re: How much security should ldconfig enforce?
Cc: arch@freebsd.org, John Polstra <jdp@polstra.com>,
	Neil Blakey-Milner <nbm@mithrandr.moria.org>
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG


On 27-Jul-00 Jacques A. Vidrine wrote:
> On Thu, Jul 27, 2000 at 02:52:47PM +0200, Neil Blakey-Milner wrote:
>> You expect someone to check out sources and recompile the program to
>> make it secure when you can instead use a command line option?
> No, I expect by default that it be built in secure mode.
> 
> I expect that if someone wants to shoot herself in the foot, she can
> twiddle make.conf and rebuild from source to disable this option.

If the default behaviour is safe (ie by default it checks permissions) then I
don't see that it is necessary to make it a build time option. 

If you are playing with options you don't understand then you're asking for
trouble :)

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message