To: freebsd-stable@freebsd.org
From: jb
Subject: Re: What is "negative group permissions"? (Re: narawntapu security run output)
Date: Mon, 24 Dec 2012 15:27:57 +0000 (UTC)
References: <201212230805.qBN850Pj083122@narawntapu.narawntapu> <50D7287C.7020802@aldan.algebra.com> <20121223162332.GA38788@pit.databus.com> <50D86D60.2060506@aldan.algebra.com>

Mikhail T. aldan.algebra.com> writes:

>
> On 23.12.2012 11:48, Chris Rees wrote:
> > They involve a lot of thought to get right, as well as chmod g-w on
> > something where you probably meant chmod go-w is a disastrous but
> > (perhaps) common error. Chris
>
> Well, in (over 20) years of dealing with Unix, I've never made a mistake
> like that, nor do I understand, how it can be considered "common" ...
> Got to admit, I was surprised to see it. It made me think, I do not
> understand something -- or that FreeBSD is becoming overly
> paternalistic. It turned out to be the latter...
>
> I doubt, it is useful. Worse, issuing such warnings routinely, only
> reinforces the unfortunate misconceptions like the one Barney
> demonstrated in this thread. When originally added, the check was meant
> to be off by default:
> ...
> perhaps, it should have remained off? Yours,

Those security checks are for a reason - people make mistakes (even a perfect
guy like you will have a "head in a brown bag" time).
It is better to get a heads-up, then think about it and turn it off (customize)
if considered unneeded.

jb