From owner-freebsd-arch Thu Jul 27 14:32:45 2000 Delivered-To: freebsd-arch@freebsd.org Received: from frmug.org (frmug-gw.frmug.org [193.56.58.252]) by hub.freebsd.org (Postfix) with ESMTP id 7303F37B523 for ; Thu, 27 Jul 2000 14:32:41 -0700 (PDT) (envelope-from roberto@keltia.freenix.fr) Received: (from uucp@localhost) by frmug.org (8.9.3/frmug-2.7/nospam) with UUCP id XAA02136 for arch@freebsd.org; Thu, 27 Jul 2000 23:32:35 +0200 (CEST) (envelope-from roberto@keltia.freenix.fr) Received: by keltia.freenix.fr (Postfix, from userid 101) id 9E90F8894; Thu, 27 Jul 2000 21:33:01 +0200 (CEST) Date: Thu, 27 Jul 2000 21:33:01 +0200 From: Ollivier Robert To: arch@freebsd.org Subject: Re: How much security should ldconfig enforce? Message-ID: <20000727213301.A43542@keltia.freenix.fr> Mail-Followup-To: Ollivier Robert , arch@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: ; from jdp@polstra.com on Wed, Jul 26, 2000 at 07:36:13PM -0700 X-Operating-System: FreeBSD 5.0-CURRENT/ELF AMD-K6/200 & 2x PPro/200 SMP Sender: owner-freebsd-arch@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG According to John Polstra: > 1. It could allow anything, just like it did before I made my commit. > > 2. It could strictly enforce secure ownerships, groups, and > permissions -- i.e., keep last night's commit and add group > writability checking too. > > 3. It could default to strictly secure but accept a command-line > option to relax the constraints. And an rc.conf knob could be added > to control whether or not it was strict at boot time. #3 seems to me the Right Thing[tm]. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- roberto@keltia.freenix.fr FreeBSD keltia.freenix.fr 5.0-CURRENT #80: Sun Jun 4 22:44:19 CEST 2000 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message