From owner-freebsd-audit Mon Dec 6 3:29: 8 1999
Delivered-To: freebsd-audit@freebsd.org
Received: from tank.skynet.be (tank.skynet.be [195.238.2.35]) by hub.freebsd.org (Postfix) with ESMTP id 268AF150FF; Mon, 6 Dec 1999 03:29:03 -0800 (PST) (envelope-from root@foxbert.skynet.be)
Received: from foxbert.skynet.be (foxbert.skynet.be [195.238.1.45]) by tank.skynet.be (8.9.3/odie-relay-v1.0) with ESMTP id MAA15484; Mon, 6 Dec 1999 12:28:59 +0100 (MET)
Received: (from root@localhost) by foxbert.skynet.be (8.9.1/jovi-pop-2.1) id MAA25586; Mon, 6 Dec 1999 12:28:57 +0100 (MET)
Mime-Version: 1.0
X-Sender: blk@foxbert.skynet.be
Message-Id:
In-Reply-To: <26871.944477622@axl.noc.iafrica.com>
References: <26871.944477622@axl.noc.iafrica.com>
Date: Mon, 6 Dec 1999 12:28:15 +0100
To: Sheldon Hearn , obrien@FreeBSD.ORG
From: Brad Knowles
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h
Cc: arch@FreeBSD.ORG, audit@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 12:53 PM +0200 1999/12/6, Sheldon Hearn wrote:

> Nah, just leave the historical linear assignment as the default mode
> of operation for the sake of POLA and document the knob for random
> assignment in rc.conf.5 and wherever else might be appropriate.

I don't suppose that this is a democracy, and that we can each vote for the default we want to have, can we?

I can't speak for the "convenience" of having linear PID assignment (I just can't imagine a way that anyone could take advantage of this in a "good" way). However, I can say that there are a boatload of dain-bramaged scripts out there that I think would have their security measurably increased (even if by a small amount), if this option were turned on. Hell, I think just about every script I've ever written would fall in this category. ;-)

My understanding was that we're trying to increase the default security level of the OS, and unless there were really big problems in changing the defaults for something that would help us towards this goal, we would go ahead and make the change (properly documented and instrumented, of course).

I mean, we *are* talking about -CURRENT here, right? It's my understanding that anyone running -CURRENT has to expect that the thing won't be usable (heck, may not even compile) at any one particular point in time, and if they want to actually try to use -CURRENT, it's their responsibility to track the mailing list, CVS commit log, etc... and then do their own work to make the system usable -- and then provide those changes back to the community, so that others can benefit.

Unless I'm missing something fundamental here, I don't see why we can't make changes of this scale. Much larger changes have been made to -CURRENT in the past, and I'm sure that much larger changes will be made to -CURRENT in the future. It seems to me that the sort of stuff we're talking about would fit into that same mold, and could even be more important than some of the really huge changes that have been made previously -- those were just functionality, whereas now we're talking about security.

If we don't make the leap now to try to raise the default security level of the OS, then when are we?

-- 
These are my opinions -- not to be taken as official Skynet policy
____________________________________________________________________
|o| Brad Knowles, Belgacom Skynet NV/SA                          |o|
|o| Systems Architect, News & FTP Admin      Rue Col. Bourg, 124 |o|
|o| Phone/Fax: +32-2-706.11.11/12.49         B-1140 Brussels     |o|
|o| http://www.skynet.be                     Belgium             |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.
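The "dain-bramaged scripts" the mail refers to are the ones that build a temporary file name from $$ and then write to it with a plain redirection. The script below is an added illustration, not code from the mail or from the FreeBSD tree: it shows why linear PID assignment makes that pattern exploitable (an attacker who has seen one recent PID can guess the next one, pre-plant a symlink at the guessed name, and have the victim's output land on a file of the attacker's choosing) and what the script-side fix looks like (mktemp(1), which picks a random name and creates the file with O_EXCL). The helper names (unsafe_tmpname, guess_next_pid, attacker_plant, victim_unsafe, victim_safe, demo), the observed PID 4241 and the "next PID is n+1" model are all assumptions made for this example; a real attacker would guess a small range, not one value.

```shell
#!/bin/sh
# Added example (not from the original mail): predictable $$-based temp
# names under linear PID assignment, a symlink clobber against them, and the
# mktemp(1) fix. All helper names and the PID values are hypothetical.

# The "dain-bramaged" pattern: temp name derived from the PID.
# $1 is the directory, $2 stands in for $$.
unsafe_tmpname() { printf '%s/report.%s\n' "$1" "$2"; }

# Attacker's model of linear assignment (assumed): the next process to be
# forked gets the last observed PID plus one.
guess_next_pid() { echo $(( $1 + 1 )); }

# Attacker: plant a symlink at the guessed temp name pointing at a target.
# $1 = dir, $2 = last PID the attacker observed, $3 = file to clobber.
attacker_plant() { ln -s "$3" "$(unsafe_tmpname "$1" "$(guess_next_pid "$2")")"; }

# Victim script: writes with a plain redirection, which follows the planted
# symlink and overwrites whatever it points to. $1 = dir, $2 = its PID.
victim_unsafe() { echo "script output" > "$(unsafe_tmpname "$1" "$2")"; }

# Victim script, fixed: mktemp creates a randomly named file with O_EXCL, so
# a pre-planted link under a guessed name is never followed. Prints the path.
victim_safe() {
    f=$(mktemp "$1/report.XXXXXX") || return 1
    echo "script output" > "$f"
    echo "$f"
}

# Run both scenarios in a scratch directory. Returns 0 when the unsafe victim
# clobbered the target and the safe victim left it intact.
demo() {
    dir=$(mktemp -d) || return 1
    echo "secret" > "$dir/target"
    last_pid=4241                        # constructed: PID the attacker saw
    attacker_plant "$dir" "$last_pid" "$dir/target"
    victim_unsafe "$dir" "$((last_pid + 1))"   # victim got the guessed PID
    unsafe_result=$(cat "$dir/target")   # now "script output"

    echo "secret" > "$dir/target"        # reset; the planted link stays
    victim_safe "$dir" >/dev/null || { rm -rf "$dir"; return 1; }
    safe_result=$(cat "$dir/target")     # still "secret"
    rm -rf "$dir"
    [ "$unsafe_result" = "script output" ] && [ "$safe_result" = "secret" ]
}

demo && echo "unsafe victim clobbered the target; mktemp victim did not"
```

Random PID assignment only widens the attacker's guess from one value to the whole PID space, which is why the mail calls the gain small but real; the script-side fix removes the guessable name altogether and works regardless of the kernel knob.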
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message