From owner-freebsd-security  Fri Jul  9 13: 3:55 1999
Delivered-To: freebsd-security@freebsd.org
Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31])
	by hub.freebsd.org (Postfix) with ESMTP id A729314FC7
	for <security@FreeBSD.ORG>; Fri,  9 Jul 1999 13:03:51 -0700 (PDT)
	(envelope-from des@flood.ping.uio.no)
Received: (from des@localhost)
	by flood.ping.uio.no (8.9.3/8.9.1) id WAA57984;
	Fri, 9 Jul 1999 22:03:35 +0200 (CEST)
	(envelope-from des)
To: Warner Losh <imp@village.org>
Cc: Dag-Erling Smorgrav <des@flood.ping.uio.no>,
	Gustavo V G C Rios <kernel@tdnet.com.br>, security@FreeBSD.ORG,
	bos-owner-br@sekure.org
Subject: Re: suid/guid
References: <xzpso6xrcen.fsf@flood.ping.uio.no>  <3784D440.1075EFB3@tdnet.com.br> <199907091622.KAA20280@harmony.village.org> <199907091658.KAA20551@harmony.village.org>
From: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Date: 09 Jul 1999 22:03:35 +0200
In-Reply-To: Warner Losh's message of "Fri, 09 Jul 1999 10:58:08 -0600"
Message-ID: <xzpr9mhr3oo.fsf@flood.ping.uio.no>
Lines: 13
X-Mailer: Gnus v5.5/Emacs 19.34
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Warner Losh <imp@village.org> writes:
> Agreed.  I'm also starting to think that a system-wide tunable that
> would turn off almost all of the set[ug]id installation.  Almost
> nobody needs setuidperl, for example.  If df is installed w/o setgid
> operator, almost no functionality is lost.  etc.  Of course exatly
> what would be lost would be documented.  Comments?

None on the general concept - but one on the specific example: who
except root needs to know what df(1) can report when sgid operator?

DES
-- 
Dag-Erling Smorgrav - des@flood.ping.uio.no


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message