From owner-freebsd-security Fri Jul 18 22:55:26 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA08873 for security-outgoing; Fri, 18 Jul 1997 22:55:26 -0700 (PDT)
Received: from enteract.com (enteract.com [206.54.252.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA08867 for ; Fri, 18 Jul 1997 22:55:23 -0700 (PDT)
Received: (from tqbf@localhost) by enteract.com (8.8.5/8.7.6) id AAA00747; Sat, 19 Jul 1997 00:55:09 -0500 (CDT)
From: "Thomas H. Ptacek"
Message-Id: <199707190555.AAA00747@enteract.com>
Subject: Re: Security Model/Target for FreeBSD or 4.4?
To: dholland@eecs.harvard.edu (David Holland)
Date: Sat, 19 Jul 1997 00:55:09 -0500 (CDT)
Cc: tqbf@enteract.com, grr@shandakor.tharsis.com, adam@homeport.org, robert@cyrus.watson.org, freebsd-security@freebsd.org, tech@openbsd.org
Reply-To: tqbf@enteract.com
In-Reply-To: <199707182323.TAA05583@burgundy.eecs.harvard.edu> from "David Holland" at Jul 18, 97 07:23:50 pm
X-Mailer: ELM [version 2.4 PL24 ME8a]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

> out very carefully - it's very easy to end up with huge additional
> complexity with no increment in security.

You're right. In many environments, there may not be a significant gain in security; however, in some environments, there may be something to be gained, and, in this case, the added complexity is minimal. I look forward to Mr. de Raadt sharing his concept for arbitrary restrictions on privileged port access without kernel modifications.

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf@enteract.com]
----------------
"If you're so special, why aren't you dead?"