Date: Thu, 16 Apr 1998 09:06:21 -0400 From: Drew Derbyshire - UUPC/extended software support <software@kew.com> To: dima@best.net Subject: Re: kernel permissions Message-ID: <3536024D.2269231E@kew.com> References: <199804160511.WAA03453@burka.rdy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dima Ruban wrote: > Okay. Here's an example. Ever hear of a commertially available drivers? > When you install such stuff, you don't want somebody to be able to read > them, or have a copy of kernel with them. Why? Because you did pay for them > and whoever wants to have an access - didnt. This gives rise to to question as to why you would allow such a person on your machine. Making such software unreadable is not the normal practice in any case, and vendors don't expect it. > Normal users *do not need* to have an read access to the kernel. > They simply don't. You assume a different class of user than many of us. I, for example, do not allow people outside the Wonderworks to be in group wheel (or even staff), but allow them access to my configuration information for cloning. Given that and the sources, there is no reason to secure the kernel since they can recreate it from the sources (as others have pointed out). But do not change things for change's sake. Requiring a global priv when it should not be needed is a good way to make too many programs too powerful, which can lead to exposures. If you can only secure your system by obscuring things, it's security will fail. -- Drew Derbyshire UUPC/extended e-mail: software@kew.com Telephone: 617-279-9812 "There are three possible parts to a date, of which at least two must be offered: entertainment, food, and affection. It is customary to begin a series of dates with a great deal of entertainment, a moderate amount of food, and the merest suggestion of affection. As the amount of affection increases, the entertainment can be reduced proportionately. When the affection IS the entertainment, we no longer call it dating. Under no circumstances can the food be omitted." -- Miss Manners' Guide to Excruciatingly Correct Behavior To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3536024D.2269231E>