From owner-cvs-all Mon Dec 21 16:13:12 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id QAA17728 for cvs-all-outgoing; Mon, 21 Dec 1998 16:13:12 -0800 (PST) (envelope-from owner-cvs-all@FreeBSD.ORG) Received: from ns1.yes.no (ns1.yes.no [195.204.136.10]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id QAA17718; Mon, 21 Dec 1998 16:12:58 -0800 (PST) (envelope-from eivind@bitbox.follo.net) Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218]) by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id BAA18061; Tue, 22 Dec 1998 01:12:53 +0100 (CET) Received: (from eivind@localhost) by bitbox.follo.net (8.8.8/8.8.6) id BAA20328; Tue, 22 Dec 1998 01:12:50 +0100 (MET) Message-ID: <19981222011249.I14124@follo.net> Date: Tue, 22 Dec 1998 01:12:49 +0100 From: Eivind Eklund To: Mark Murray , Matthew Dillon Cc: Dag-Erling Smorgrav , cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/etc rc.conf References: <199812212012.MAA47267@apollo.backplane.com> <199812212113.XAA63667@greenpeace.grondar.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.93.2i In-Reply-To: <199812212113.XAA63667@greenpeace.grondar.za>; from Mark Murray on Mon, Dec 21, 1998 at 11:13:26PM +0200 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk On Mon, Dec 21, 1998 at 11:13:26PM +0200, Mark Murray wrote: > The "sandbox" concept in Unix is quite badly flawed. Given that in > Java it is difficult enough to implement properly, trying to do it > in Unix is JA impossible. The next-best approach is to fix the > software, not break the OS. Running Unix software in sandboxes is a good thing, as long as it is as _part_ of a security setup. You're not supposed to be using this as an excuse to not fix the other software - you're supposed to use it as a way of making sure that a problem in your other fix will have less impact. Normal layered security models. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message