Date: Wed, 15 Apr 1998 12:49:27 -0700 (PDT)
From: dima@best.net (Dima Ruban)
To: tsprad@set.spradley.tmi.net (Ted Spradley)
Cc: dima@best.net, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
Message-ID: <199804151949.MAA02749@burka.rdy.com>
In-Reply-To: <E0yPXnd-0004WJ-00@set.spradley.tmi.net> from Ted Spradley at "Apr 15, 98 02:24:48 pm"

Ted Spradley writes:
>
> > > As for the world read permissions: Removing the read permissions seems
> > > like a gratuitous pseudo-security change. Is there any reason to
> > > prevent users from reading the kernel? Presumably, /usr/src/sys is
> >
> > In some cases I don't want my users to read a kernel name list.
> >
> > > readable anyhow, so a person could build their own kernel with the same
> > > configuration, so they may as well just copy the running one.
> >
> > You do not always have /usr/src/sys on your machine. Especially
> > on a production environment.
>
> You can change the permissions any way you like on your machine. Users who are knowledgeable enough to worry about know where they can find the sources. To me, this is just gratuitous change for the sake of change.

One more time. In some cases you don't want your users to read kernel namelist.
Generic kernel source code won't help.

Another example. Do search on your local box for all the programs, that
don't allow 'others' to read the binary. Ever wonder why?

>
>

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804151949.MAA02749>