From owner-freebsd-arch Thu Jul 27 6:48:29 2000
Delivered-To: freebsd-arch@freebsd.org
Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194])
	by hub.freebsd.org (Postfix) with ESMTP id 5596437B8FC
	for ; Thu, 27 Jul 2000 06:48:24 -0700 (PDT)
	(envelope-from nbm@sunesi.net)
Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1)
	id 13Ho17-000CK0-00; Thu, 27 Jul 2000 15:48:05 +0200
Date: Thu, 27 Jul 2000 15:48:05 +0200
From: Neil Blakey-Milner
To: "Jacques A. Vidrine"
Cc: John Polstra , arch@freebsd.org
Subject: Re: How much security should ldconfig enforce?
Message-ID: <20000727154804.A47282@mithrandr.moria.org>
References: <20000727075027.C8974@hamlet.nectar.com> <20000727145247.A46416@mithrandr.moria.org> <20000727083920.A9036@hamlet.nectar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: <20000727083920.A9036@hamlet.nectar.com>; from n@nectar.com on Thu, Jul 27, 2000 at 08:39:20AM -0500
Organization: Sunesi Clinical Systems
X-Operating-System: FreeBSD 3.3-RELEASE i386
X-URL: http://rucus.ru.ac.za/~nbm/
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu 2000-07-27 (08:39), Jacques A. Vidrine wrote:
> > You expect someone to check out sources and recompile the program to
> > make it secure when you can instead use a command line option?
>
> No, I expect by default that it be built in secure mode.
>
> I expect that if someone wants to shoot herself in the foot, she can
> twiddle make.conf and rebuild from source to disable this option.

I don't think we should make policy decisions that require people to go off and bend over backwards to do something that isn't necessarily insecure. Otherwise, people will do horrible things with sudo and start giving out passwords, since that'll be easier than escaping our policy.

If it's an option, then when that person uses the option, they know what they're doing. The extra 54 bytes is not going to be missed by anyone.

While we're providing a safety net by overriding root's ability to do stupid things, we're also blatantly overriding root's ability to do what we consider to be stupid things but which aren't necessarily stupid things.

Neil
-- 
Neil Blakey-Milner
Sunesi Clinical Systems
nbm@mithrandr.moria.org