From owner-freebsd-security Sat Apr 18 09:15:34 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA05723 for freebsd-security-outgoing; Sat, 18 Apr 1998 09:15:34 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from uriela.in-berlin.de (uriela.in-berlin.de [192.109.42.147]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id QAA05687 for ; Sat, 18 Apr 1998 16:15:25 GMT (envelope-from nortobor.nostromo.in-berlin.de!ripley@never.mind.de) Received: by uriela.in-berlin.de (/\oo/\ Smail3.1.29.1 #29.8) from never.never.mind.de (193.101.72.4) with smtp id m0yQaGs-000LuAC; Sat, 18 Apr 98 18:15 MET DST Received: by never.never.mind.de (linux Smail3.1.28.1 #1) id m0yQaGq-000ExyC; Sat, 18 Apr 98 18:15 MET DST Received: (from ripley@localhost) by nortobor.nostromo.in-berlin.de (8.8.7/8.8.7) id WAA06535; Fri, 17 Apr 1998 22:40:15 +0200 (CEST) (envelope-from ripley) Message-ID: <19980417224014.65058@nostromo.in-berlin.de> Date: Fri, 17 Apr 1998 22:40:14 +0200 From: "H. Eckert" To: freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions References: <199804162302.BAA15315@ocean.campus.luth.se> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.84e In-Reply-To: <199804162302.BAA15315@ocean.campus.luth.se>; from Mikael Karpberg on Fri, Apr 17, 1998 at 01:02:22AM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk On Fri, Apr 17, 1998 at 01:02:22AM +0200, Mikael Karpberg wrote: > It's easy to forget to frob all the 1000 small knobs that "you can frob > on YOUR machine if you want it secure". It's however quite easy to remember > to chmod it when you or one of your users gets annoyed at not being able to > read it. It annoys you the first time, but you su, chmod, and exit. Nothing > more to it. You simply will not forget to, because it will not let you. I agree that the "1000 small knobs" of customization is something to be avoided. So let's think on how we can centralize this kind of stuff in a friendly way so a concerned admin can easily browse through a security setup to have lots of knobs activated by doing something like "network=secure" in the config file. Think of the /etc/rc.conf that handles a lot of things. If we can have a friendly frontend program as has already been suggested that's even better. Greetings, Ripley -- http://www.in-berlin.de/User/nostromo/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message