Date: Fri, 17 Apr 1998 14:52:54 +0800 From: Peter Wemm <peter@netplex.com.au> To: Matthew Hunt <mph@pobox.com> Cc: Robert Watson <robert+freebsd@cyrus.watson.org>, Dima Ruban <dima@best.net>, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <199804170652.OAA27954@spinner.netplex.com.au> In-Reply-To: Your message of "Fri, 17 Apr 1998 01:55:05 -0400." <19980417015505.15073@mph124.rh.psu.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Hunt wrote: [..] > I can't be persuaded that a world-readable kernel can ever present > a problem (the real problem would have to be in some other software) > and Dima is unlikely to be persuaded to my point of view. I see > a pattern in my future: "make install", forget to change the perms > to 444, reboot, kick myself (since I run with securelevel=1), swear > to remember next time, and repeat the cycle. :-) For what it's worth, I strongly disagree with making it 440 as well. It serves no purpose other than inconveniencing people. I mean, the majority of the systems would stil have /usr/src/sys/compile/SYSNAME/* readable. What's next? enforcing restricted permissions on /usr/src? chmod 751 /dev? How many places do we describe 'nm -p /kernel | sort | more' as part of the standard procedure for people mailing bug reports? This is rare enough as it is, and since it's more inconvenient it'll become rarer still. Cheers, -Peter -- Peter Wemm <peter@netplex.com.au> Netplex Consulting To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804170652.OAA27954>