Date: Fri, 17 Apr 1998 17:32:20 -0700 From: John-Mark Gurney <gurney_j@efn.org> To: Robert Watson <robert+freebsd@cyrus.watson.org> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Proposal: remove existing schg flags from make buildworld Message-ID: <19980417173220.12782@hydrogen.nike.efn.org> In-Reply-To: <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>; from Robert Watson on Fri, Apr 17, 1998 at 04:44:29PM -0400 References: <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson scribbled this message on Apr 17: > Currently, the use of schg flags can be a major hassle for those trying to > build secure systems. Performing a build world generates a set of schg > files that are hard to deal with in a secure environment (after all, they > are schg :). Rather than imposing the schg flags during the build, it > might be more appropriate to apply them only during the install. Even > blowing away my object tree is made difficult: just buildworld as a normal user... I've been doing this for close to a half year now.. and if this is such a secure environment, why are you doing this as root?? [...] > There is nothing gained by doing this -- the source is not protected, and > neither is the compiler :). Clearly on an install, it is useful to apply > schg (although previous discussion suggests that this is not the case with > the current arrangement :), but not during the build process. -- John-Mark Gurney Modem Rev/FAX: +1 541 346 9237 Cu Networking P.O. Box 5693, 97405 Live in Peace, destroy Micro$oft, support free software, run FreeBSD Don't trust anyone you don't have the source for To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980417173220.12782>