Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 6 Dec 1999 12:28:15 +0100
From:      Brad Knowles <blk@skynet.be>
To:        Sheldon Hearn <sheldonh@uunet.co.za>, obrien@FreeBSD.ORG
Cc:        arch@FreeBSD.ORG, audit@FreeBSD.ORG
Subject:   Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Message-ID:  <v0422080ab4714b845138@[195.238.21.204]>
In-Reply-To: <26871.944477622@axl.noc.iafrica.com>
References:  <26871.944477622@axl.noc.iafrica.com>

next in thread | previous in thread | raw e-mail | index | archive | help
At 12:53 PM +0200 1999/12/6, Sheldon Hearn wrote:

>  Nah, just leave the historical linear assignment as the default mode
>  of operation for the sake of POLA and document the knob for random
>  assignment in rc.conf.5 and wherever else might be appropriate.

	I don't suppose that this is a democracy, and that we can each 
vote for the default we want to have, can we?


	I can't speak for the "convenience" of having linear PID 
assignment (I just can't imagine a way that anyone could take 
advantage of this in a "good" way).

	However, I can say that there are a boatload of dain-bramaged 
scripts out there that I think would have their security measurably 
increased (even if by a small amount), if this option were turned on. 
Hell, I think just about every script I've ever written would fall in 
this category.  ;-)


	My understanding was that we're trying to increase the default 
security level of the OS, and unless there were really big problems 
in changing the defaults for something that would help us towards 
this goal, we would go ahead and make the change (properly documented 
and instrumented, of course).

	I mean, we *are* talking about -CURRENT here, right?  It's my 
understanding that anyone running -CURRENT has to expect that the 
thing won't be usable (heck, may not even compile) at any one 
particular point in time, and if they want to actually try to use 
-CURRENT, it's their responsibility to track the mailing list, CVS 
commit log, etc... and then do their own work to make the system 
usable -- and then provide those changes back to the community, so 
that others can benefit.


	Unless I'm missing something fundamental here, I don't see why we 
can't make changes of this scale.  Much larger changes have been made 
to -CURRENT in the past, and I'm sure that much larger changes will 
be made to -CURRENT in the future.

	It seems to me that the sort of stuff we're talking about would 
fit into that same mold, and could even be more important than some 
of the really huge changes that have been made previously -- those 
were just functionality, whereas now we're talking about security.


	If we don't make the leap now to try to raise the default 
security level of the OS, then when are we?

-- 
   These are my opinions -- not to be taken as official Skynet policy
  ____________________________________________________________________
|o| Brad Knowles, <blk@skynet.be>            Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124   |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels       |o|
|o| http://www.skynet.be                     Belgium               |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
  Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
   Unix is very user-friendly.  It's just picky who its friends are.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v0422080ab4714b845138>