From owner-freebsd-stable Thu Apr 16 01:44:10 1998
Message-Id: <199804160843.BAA17351@hub.freebsd.org>
To: dima@best.net
Cc: tsprad@set.spradley.tmi.net, louie@TransSys.COM, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
In-Reply-To: Your message of "Wed, 15 Apr 1998 23:08:39 -0700 (PDT)"
References: <199804160608.XAA03735@burka.rdy.com>
X-Mailer: Mew version 1.54 on Emacs 19.34.1
Date: Thu, 16 Apr 1998 10:43:53 +0200
From: Arne Henrik Juul

Dima Ruban wrote:
> Ted Spradley writes:
> > Normal users do not need *not* to have read access to the kernel. If it
> > ain't broke, don't fix it.
>
> I've already given you an example why it shouldn't be like this.

Your argument was not very compelling - you can't say that most, or even many, FreeBSD machines have commercial drivers, much less that they have such drivers with so draconian license agreements that you're not even allowed to have the in-kernel object code readable for normal users. (For what it's worth, I've never heard about such a license agreement, ever, for any piece of software.)

On my machines, I'm mostly logged in as myself, not as root. I think this is a good practice and I'll keep on doing that. I don't *want* to have any special privileges on my normal user, and what's more, I *want* my students to be able to peek around in the system as much as possible, also on the machines where they can't be allowed to have the root password. I *don't* want to have to su root just to do normal things that shouldn't need root access. I've been inconvenienced by stupid programs being installed without read access for normal users, many times through the years. (I do sysadmin work on a large number of machines with various OSes.)

I think that if *you* want a read-protected kernel (for reasons that apply to a very small subset of FreeBSD users), *you* should write a config file for mtree that actually helps security, and apply it on *your* machine. I mean, what's the point of read-protecting the kernel in / without doing the same to /var/db/kvm_kernel.db? Logically, it's much more important to protect sendmail by making it unreadable, and modify it so it won't tell its version number to normal users. Or implementing the policy that no setuid programs should be readable for users, since that allows them to inspect the object code for buffer overruns and such. (Assuming the prospective hacker isn't smart enough to go look at the sources to simplify the task :-)

So please, implement whatever policy you want on *your* machine!

 - Arne H. Juul
   senior engineer, Department of Mathematical Sciences,
   Norwegian University of Science and Technology.
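Arne's point that locking down the kernel in / while leaving /var/db/kvm_kernel.db world-readable buys nothing can be turned into a simple consistency check. The script below is an added example, not code from the thread or from FreeBSD; it assumes the two paths named above and demonstrates on constructed temporary files rather than real system files.

```shell
#!/bin/sh
# Added example: verify that the kernel image and the kvm symbol database
# agree on world-readability. A policy that read-protects one but not the
# other is inconsistent, which is the situation the thread criticises.
# Default paths are the ones named in the thread (assumption: FreeBSD 2.x/3.x
# layout); pass other paths as arguments if your layout differs.

# world_readable FILE -> prints "yes" if the "other" read bit is set, else "no".
# ls -ld is used instead of stat because stat's flags differ between BSD and GNU.
world_readable() {
    perm=$(ls -ld "$1" 2>/dev/null | cut -c8)   # column 8 is the o+r bit
    case "$perm" in
        r) echo yes ;;
        *) echo no ;;
    esac
}

# kvm_policy_consistent KERNEL KVMDB
# Returns 0 when both files have the same world-read setting, 1 otherwise.
kvm_policy_consistent() {
    k=$(world_readable "${1:-/kernel}")
    d=$(world_readable "${2:-/var/db/kvm_kernel.db}")
    if [ "$k" = "$d" ]; then
        echo "consistent: kernel readable=$k kvm_db readable=$d"
        return 0
    fi
    echo "INCONSISTENT: kernel readable=$k but kvm_db readable=$d" >&2
    return 1
}

# demo: constructed files in a temp dir; returns 0 when the check behaves as
# expected (passes on matching modes, fails once only the kernel is locked down).
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/kernel"; : > "$tmp/kvm_kernel.db"
    chmod 0644 "$tmp/kernel" "$tmp/kvm_kernel.db"
    if kvm_policy_consistent "$tmp/kernel" "$tmp/kvm_kernel.db"; then first=0; else first=1; fi
    chmod 0600 "$tmp/kernel"        # kernel read-protected, kvm db still readable
    if kvm_policy_consistent "$tmp/kernel" "$tmp/kvm_kernel.db" 2>/dev/null; then second=0; else second=1; fi
    rm -rf "$tmp"
    [ "$first" -eq 0 ] && [ "$second" -eq 1 ]
}

demo
```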