Date:      Thu, 16 Apr 1998 09:06:21 -0400
From:      Drew Derbyshire - UUPC/extended software support <software@kew.com>
To:        dima@best.net
Subject:   Re: kernel permissions
Message-ID:  <3536024D.2269231E@kew.com>
References:  <199804160511.WAA03453@burka.rdy.com>

Dima Ruban wrote:
> Okay. Here's an example. Ever hear of commercially available drivers?
> When you install such stuff, you don't want somebody to be able to read
> them, or have a copy of the kernel with them. Why? Because you did pay for them
> and whoever wants to have access - didn't.

This gives rise to the question as to why you would allow such a person on your
machine.   Making such software unreadable is not the normal practice in any
case, and vendors don't expect it.

> Normal users *do not need* to have read access to the kernel.
> They simply don't.

You assume a different class of user than many of us.  I, for example, do not
allow people outside the Wonderworks to be in group wheel (or even staff), but
allow them access to my configuration information for cloning.  Given that and
the sources, there is no reason to secure the kernel since they can recreate
it from the sources (as others have pointed out).

But do not change things for change's sake.  Requiring a global priv when it
should not be needed is a good way to make too many programs too powerful,
which can lead to exposures.

If you can only secure your system by obscuring things, its security will
fail.

-- 
Drew Derbyshire         UUPC/extended e-mail:  software@kew.com
                                   Telephone:  617-279-9812

"There are three possible parts to a date, of which at least two must be
 offered: entertainment, food, and affection.  It is customary to begin
 a series of dates with a great deal of entertainment, a moderate amount
 of food, and the merest suggestion of affection.  As the amount of
 affection increases, the entertainment can be reduced proportionately.
 When the affection IS the entertainment, we no longer call it dating.
 Under no circumstances can the food be omitted."
                 -- Miss Manners' Guide to Excruciatingly Correct Behavior
