From: Lamont Granquist
To: Juli Mallett
Cc: Paul Schenkeveld, FreeBSD Hackers
Date: Mon, 23 Sep 2002 02:37:31 -0700 (PDT)
Subject: Re: Just a wild idea
In-Reply-To: <20020922213311.A99425@FreeBSD.org>
Message-ID: <20020923023031.D7466-100000@coredump.scriptkiddie.org>

On Sun, 22 Sep 2002, Juli Mallett wrote:

> Maybe just replace all suser(9) uses with MAC credential checks, and
> install MAC_UNIX by default, which would be set up to behave like
> ye olden UNIX... Who knows.

Something like that sounds like a really good idea. I'd like to see this not only for binding to low ports but also, for example, to set the system time -- this would let you run ntpd as non-root.

It'd be interesting to have a system one day where once you've gone past single user mode, root drops all its privs and acts just like a normal user account and daemon accounts only have special privs handed out to them in little chunks.