From: ari
To: freebsd-hackers@freebsd.org, flowpriv@episec.com
Date: Thu, 21 Aug 2003 17:09:58 -0400
Subject: Re: [future patch] dropping user privileges on demand
Message-ID: <20030821210958.GC55671@episec.com>
In-Reply-To: <20030821204403.GN47959@garage.freebsd.pl>

nick@garage.freebsd.pl said this stuff:
> As I said. Stuff like systrace or cerb doesn't need to be standardized,
> because it is transparent for applications. It doesn't need any work from
> the userland application programmer. That's why it is easy to adopt for
> non-BSD-licensed applications or even for non-open-source applications.

This is precisely why I began working on the project. What's transparent to
applications is not transparent to administrators.
So instead of having one programmer (or even a group of programmers) "fix"
the code, you have every administrator correct for it. Of course, it would
be best if every administrator verified that it acted properly anyway, but
that's simply not going to happen.

Sure, some programmers are lazy. Some programmers don't care. But some will
benefit, and that's what matters. This isn't intended to solve all the
world's coding problems. It will probably never be used by as many
programmers as systrace will by administrators. It's just furthering the
Unix mentality of shedding privileges without granting additional ones.

You seem to think that the idea is a security hack. It isn't. It's more of
a security model.

ari