From owner-freebsd-security  Fri Apr 17 17:32:32 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA22241
          for freebsd-security-outgoing; Fri, 17 Apr 1998 17:32:32 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from d183-205.uoregon.edu (d183-205.uoregon.edu [128.223.183.205])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id AAA22222
          for <freebsd-security@FreeBSD.ORG>; Sat, 18 Apr 1998 00:32:23 GMT
          (envelope-from gurney_j@efn.org)
Received: (from jmg@localhost)
          by d183-205.uoregon.edu (8.8.7/8.8.7) id RAA15248;
          Fri, 17 Apr 1998 17:32:20 -0700 (PDT)
Message-ID: <19980417173220.12782@hydrogen.nike.efn.org>
Date: Fri, 17 Apr 1998 17:32:20 -0700
From: John-Mark Gurney <gurney_j@efn.org>
To: Robert Watson <robert+freebsd@cyrus.watson.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Proposal: remove existing schg flags from make buildworld
References: <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.69
In-Reply-To: <Pine.BSF.3.96.980417163946.11132C-100000@trojanhorse.pr.watson.org>; from Robert Watson on Fri, Apr 17, 1998 at 04:44:29PM -0400
Reply-To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
Organization: Cu Networking
X-Operating-System: FreeBSD 2.2.1-RELEASE i386
X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31  96 7A 22 B3 D8 56 36 F4
X-Files: The truth is out there
X-URL: http://resnet.uoregon.edu/~gurney_j/
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk

Robert Watson scribbled this message on Apr 17:
> Currently, the use of schg flags can be a major hassle for those trying to
> build secure systems.  Performing a build world generates a set of schg
> files that are hard to deal with in a secure environment (after all, they
> are schg :).  Rather than imposing the schg flags during the build, it
> might be more appropriate to apply them only during the install.  Even
> blowing away my object tree is made difficult:

just buildworld as a normal user...  I've been doing this for close to
a half year now..  and if this is such a secure environment, why are
you doing this as root??

[...]

> There is nothing gained by doing this -- the source is not protected, and
> neither is the compiler :).  Clearly on an install, it is useful to apply
> schg (although previous discussion suggests that this is not the case with
> the current arrangement :), but not during the build process.

-- 
  John-Mark Gurney                      Modem Rev/FAX: +1 541 346 9237
  Cu Networking					  P.O. Box 5693, 97405

  Live in Peace, destroy Micro$oft, support free software, run FreeBSD
	    Don't trust anyone you don't have the source for

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message