From owner-freebsd-arch Thu Jul 27 6:45:13 2000 Delivered-To: freebsd-arch@freebsd.org Received: from midget.dons.net.au (daniel.lnk.telstra.net [139.130.137.70]) by hub.freebsd.org (Postfix) with ESMTP id CF2A737B869 for ; Thu, 27 Jul 2000 06:45:06 -0700 (PDT) (envelope-from darius@guppy.dons.net.au) Received: from guppy.dons.net.au (guppy.dons.net.au [203.31.81.9]) by midget.dons.net.au (8.9.3/8.9.1) with ESMTP id XAA37652; Thu, 27 Jul 2000 23:14:37 +0930 (CST) (envelope-from darius@guppy.dons.net.au) Received: (from darius@localhost) by guppy.dons.net.au (8.9.3/8.9.3) id XAA02286; Thu, 27 Jul 2000 23:14:27 +0930 (CST) (envelope-from darius) Message-ID: X-Mailer: XFMail 1.4.0 on FreeBSD X-Priority: 3 (Normal) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <20000727083920.A9036@hamlet.nectar.com> Date: Thu, 27 Jul 2000 23:14:27 +0930 (CST) From: "Daniel O'Connor" To: "Jacques A. Vidrine" Subject: Re: How much security should ldconfig enforce? Cc: arch@freebsd.org, John Polstra , Neil Blakey-Milner Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On 27-Jul-00 Jacques A. Vidrine wrote: > On Thu, Jul 27, 2000 at 02:52:47PM +0200, Neil Blakey-Milner wrote: >> You expect someone to check out sources and recompile the program to >> make it secure when you can instead use a command line option? > No, I expect by default that it be built in secure mode. > > I expect that if someone wants to shoot herself in the foot, she can > twiddle make.conf and rebuild from source to disable this option. If the default behaviour is safe (ie by default it checks permissions) then I don't see that it is necessary to make it a build time option. If you are playing with options you don't understand then you're asking for trouble :) --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message