From owner-freebsd-hackers Tue Oct 5 15:20:16 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from pau-amma.whistle.com (pau-amma.whistle.com [207.76.205.64])
	by hub.freebsd.org (Postfix) with ESMTP id CECDE15649
	for ; Tue, 5 Oct 1999 15:19:54 -0700 (PDT)
	(envelope-from dhw@whistle.com)
Received: (from dhw@localhost)
	by pau-amma.whistle.com (8.9.2/8.9.2) id PAA87711;
	Tue, 5 Oct 1999 15:19:53 -0700 (PDT)
Date: Tue, 5 Oct 1999 15:19:53 -0700 (PDT)
From: David Wolfskill
Message-Id: <199910052219.PAA87711@pau-amma.whistle.com>
To: FreeBSD-Hackers@FreeBSD.ORG, pwd@apple.com
Subject: Re: Apple's planned appoach to permissions on movable filesystems
In-Reply-To: <199910052119.OAA24627@scv1.apple.com>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

>Date: Tue, 5 Oct 1999 14:19:22 -0700
>From: Pat Dirks

>[Lots of interesting, useful stuff elided -- dhw]

>ADOPTING "FOREIGN" FILESYSTEMS
>...
>Note that one interesting option might be to provide a one-time-only
>"adoption" which has no permanent effect; when the disk is encountered
>later it is once again "foreign". This might make sense for security
>reasons (if you don't want this disk to become a possible future carrier
>for SetUID binaries)

Actually, I would expect that from a security/integrity perspective, one
would want the default to be that a re-introduced disk would be
considered "foreign".

This might seem unfriendly to some, but unless you really know where the
medium has been, there's no basis for trusting its content any more than
any other random (but otherwise equivalent) medium.

A mechanism for overriding this presumption could be useful, if used in
sufficient moderation.

Cheers,
david
--
David Wolfskill		dhw@whistle.com		UNIX System Administrator
voice: (650) 577-7158	pager: (888) 347-0197	FAX: (650) 372-5915
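The "treat a re-introduced disk as foreign" default that the reply argues for has a direct operational counterpart: mount the medium with `nosuid` (and `nodev`) so any SetUID binary it carries is inert, and audit it for SetUID/SetGID files before deciding to adopt it. The POSIX shell script below is an added example, not code from this thread or from Apple's or FreeBSD's mount machinery; the fstab line in the comment uses placeholder device and mount-point paths, and the demonstration tree it scans is constructed in a temporary directory rather than read from a real disk.

```shell
#!/bin/sh
# Added example: enforce and verify "foreign" handling of a removable medium.
#
# Assumed fstab entry for a removable medium (device/mount point are
# placeholders). nosuid makes SetUID/SetGID bits inert at exec time;
# nodev ignores device nodes the medium may carry.
#   /dev/da0s1   /mnt/removable   ufs   rw,noauto,nosuid,nodev   0 0

# List regular files carrying the SetUID (4000) or SetGID (2000) bit
# under a mount point. Errors (unreadable dirs) are suppressed so the
# listing stays usable on partially readable media.
find_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Number of such files; a medium should show 0 before it is "adopted".
count_setid_files() {
    find_setid_files "$1" | wc -l | tr -d ' '
}

# True if the given mount point is currently mounted with nosuid.
# Reads mount(8) output; not exercised against the constructed tree below.
is_nosuid_mount() {
    mount | grep -F " on $1 " | grep -q 'nosuid'
}

# Constructed demonstration tree standing in for a freshly attached disk:
# one SetUID script and one ordinary file.
build_demo_medium() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/docs"
    printf '#!/bin/sh\necho hi\n' > "$d/bin/tool"
    chmod 4755 "$d/bin/tool"            # SetUID bit: what the audit must flag
    printf 'notes\n' > "$d/docs/readme.txt"
    chmod 644 "$d/docs/readme.txt"
    printf '%s\n' "$d"
}

# Run with --demo to see the audit on the constructed tree.
if [ "${1:-}" = "--demo" ]; then
    m=$(build_demo_medium)
    echo "SetUID/SetGID files on $m: $(count_setid_files "$m")"
    find_setid_files "$m"
    rm -rf "$m"
fi
```

In practice the audit runs against the real mount point (for example `count_setid_files /mnt/removable`) while the medium is still mounted `nosuid`; only if it reports 0, or every listed file is one you expect, would an "adoption" that lifts the foreign status be considered.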