From owner-freebsd-current Thu Jan 4 14:20:20 2001
From owner-freebsd-current@FreeBSD.ORG Thu Jan 4 14:20:15 2001
Return-Path:
Delivered-To: freebsd-current@freebsd.org
Received: from puck.firepipe.net (poynting.physics.purdue.edu [128.210.146.58])
    by hub.freebsd.org (Postfix) with ESMTP id C70D237B404
    for ; Thu, 4 Jan 2001 14:20:14 -0800 (PST)
Received: from argon.firepipe.net (pm013-044.dialup.bignet.net [64.79.82.108])
    by puck.firepipe.net (Postfix) with ESMTP id 6BF581A0A;
    Thu, 4 Jan 2001 17:20:13 -0500 (EST)
Received: by argon.firepipe.net (Postfix, from userid 1000)
    id B1FE819E0; Thu, 4 Jan 2001 17:20:05 -0500 (EST)
Date: Thu, 4 Jan 2001 17:20:05 -0500
From: Will Andrews
To: Garrett Wollman
Cc: current@FreeBSD.org
Subject: Re: cvs commit: src/usr.bin/apply apply.c
Message-ID: <20010104172004.P86630@argon.firepipe.net>
Reply-To: Will Andrews
Mail-Followup-To: Will Andrews , Garrett Wollman , current@FreeBSD.org
References: <200101041905.f04J5ou82617@freefall.freebsd.org> <200101041909.OAA61522@khavrinen.lcs.mit.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <200101041909.OAA61522@khavrinen.lcs.mit.edu>; from wollman@khavrinen.lcs.mit.edu on Thu, Jan 04, 2001 at 02:09:53PM -0500
X-Operating-System: FreeBSD 5.0-CURRENT i386
Sender: will@argon.firepipe.net
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Thu, Jan 04, 2001 at 02:09:53PM -0500, Garrett Wollman wrote:
> What is the reason for this change?

Paranoia. There's nothing wrong with a little extra paranoia in case someone tries to use apply(1) through suidperl on a web interface. Granted, it's not likely to happen, but you never know.

> I see no benefit in modifying many programs in this manner which do
> not ordinarily run with elevated privileges.

I do; FreeBSD's reputation for security. There's nothing like having some confidence in the OS.

> It is the responsibility of those programs that do, to ensure that the
> environment passed to their children is safe and sane.

So what? Not that many people consider security concerns, let alone write them. What, exactly, are we trading off by making apply(1) a bit more paranoid? A couple extra cpu cycles? Maybe you haven't noticed, but these days there's almost nobody still using 100MHz chips. And out of the ones that do, how many will use apply(1) more than once or twice in the lifetime of the machine?

I think such logic could be applied to most usr.bin and probably other parts of the tree.

-- 
wca

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message