From owner-freebsd-security  Fri Apr 17 13:42:36 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id NAA22570
          for freebsd-security-outgoing; Fri, 17 Apr 1998 13:42:36 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@FLEDGE.RES.CMU.EDU [128.2.91.116])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id UAA22487
          for <freebsd-security@freebsd.org>; Fri, 17 Apr 1998 20:41:58 GMT
          (envelope-from robert@cyrus.watson.org)
Received: from trojanhorse.pr.watson.org (trojanhorse.pr.watson.org [192.0.2.10])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id QAA03110
	for <freebsd-security@freebsd.org>; Fri, 17 Apr 1998 16:41:51 -0400 (EDT)
Date: Fri, 17 Apr 1998 16:44:29 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@trojanhorse.pr.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: freebsd-security@FreeBSD.ORG
Subject: Proposal: remove existing schg flags from make buildworld
Message-ID: <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk


Currently, the use of schg flags can be a major hassle for those trying to
build secure systems.  Performing a build world generates a set of schg
files that are hard to deal with in a secure environment (after all, they
are schg :).  Rather than imposing the schg flags during the build, it
might be more appropriate to apply them only during the install.  Even
blowing away my object tree is made difficult:

fledge:/home/fbsd-stable/src# rm -Rf ../obj/*
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libcipher.so.2.0: Operation
not permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libc.so.3.1: Operation not
permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib/libdescrypt.so.2.0: Operation
not permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/lib: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp/usr/libexec/ld.so: Operation not
permitted
rm: ../obj/home/fbsd-stable/src/tmp/usr/libexec: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp/usr: Directory not empty
rm: ../obj/home/fbsd-stable/src/tmp: Directory not empty

(up-to-date version of -stable -- I assume this also happens in -current?)

There is nothing gained by doing this -- the source is not protected, and
neither is the compiler :).  Clearly on an install, it is useful to apply
schg (although previous discussion suggests that this is not the case with
the current arrangement :), but not during the build process.

  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message