From: Eivind Eklund
To: Nate Williams, Warner Losh
Cc: Andre Albsmeier, Matthew Dillon, freebsd-security@FreeBSD.ORG
Date: Tue, 17 Nov 1998 11:07:46 +0100
Subject: Re: Would this make FreeBSD more secure?

On Mon, Nov 16, 1998 at 12:40:12PM -0700, Nate Williams wrote:
> The other issue is since they will no longer be setuid(), someone can
> crash them and get the passwd file from them to crack later or we'd have
> to change all of the 'don't dump core' code to look for setgid(passwd)
> stuff. All of a sudden this 'simple fix' gets to be obnoxious and isn't
> buying us a whole lot.

setgid() programs don't dump core, I think. If they do, that is a
security hole, and should be fixed. Non-problem.

General suggestion (and this is not aimed just at Nate): Please think
twice before trying to shoot down somebody else's suggestion. By shooting
down changes, we end up being very conservative - and if people get their
suggestions for good changes shot down, they are less likely to try again
later.

Example: This tendency almost cost us our NAT code before - everybody (by
the author's impression) was shouting "you can't do that!" before he'd
written the code.

Eivind.
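
The core-dump concern raised in the quoted paragraph can also be closed from inside the program, independent of whatever check the kernel applies. The following is an added example, not part of the original message and not FreeBSD code: a process that is about to hold password data zeroes its own core-size limit first. All function names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/resource.h>
#include <unistd.h>

/* Returns 1 when the effective uid or gid differs from the real one,
 * i.e. the process was started from a setuid or setgid binary. */
int runs_with_elevated_ids(void)
{
    return geteuid() != getuid() || getegid() != getgid();
}

/* Set both the soft and the hard core-size limit to zero. An unprivileged
 * process cannot raise the hard limit again afterwards.
 * Returns 0 on success, -1 on failure (errno set by setrlimit). */
int disable_core_dumps(void)
{
    struct rlimit none = { 0, 0 };
    return setrlimit(RLIMIT_CORE, &none);
}

/* Returns 1 if both core-size limits are zero, 0 if a core file could
 * still be written under the current limits, -1 if they cannot be read. */
int core_dumps_disabled(void)
{
    struct rlimit cur;
    if (getrlimit(RLIMIT_CORE, &cur) != 0)
        return -1;
    return cur.rlim_cur == 0 && cur.rlim_max == 0;
}

int main(void)
{
    /* Do this before any secret (e.g. password hashes) is read into memory. */
    if (disable_core_dumps() != 0) {
        perror("setrlimit(RLIMIT_CORE)");
        return 1; /* fail closed: do not go on to load secrets */
    }
    printf("elevated ids: %d, core dumps disabled: %d\n",
           runs_with_elevated_ids(), core_dumps_disabled());
    return 0;
}
```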