From: dima@best.net (Dima Ruban)
Reply-To: dima@best.net
Organization: HackerDome
Message-Id: <199804151949.MAA02749@burka.rdy.com>
Subject: Re: kernel permissions
In-Reply-To: from Ted Spradley at "Apr 15, 98 02:24:48 pm"
To: tsprad@set.spradley.tmi.net (Ted Spradley)
Date: Wed, 15 Apr 1998 12:49:27 -0700 (PDT)
Cc: dima@best.net, trost@cloud.rain.com, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Sender: owner-freebsd-security@FreeBSD.ORG

Ted Spradley writes:
>
> > > As for the world read permissions:  Removing the read permissions seems
> > > like a gratuitous pseudo-security change.  Is there any reason to
> > > prevent users from reading the kernel?  Presumably, /usr/src/sys is
> >
> > In some cases I don't want my users to read a kernel name list.
> >
> > > readable anyhow, so a person could build their own kernel with the same
> > > configuration, so they may as well just copy the running one.
> >
> > You do not always have /usr/src/sys on your machine. Especially
> > on a production environment.
>
> You can change the permissions any way you like on your machine.  Users
> who are knowledgeable enough to worry about know where they can find the
> sources.  To me, this is just gratuitous change for the sake of change.

One more time.
In some cases you don't want your users to read the kernel namelist.
Generic kernel source code won't help.

Another example. Do a search on your local box for all the programs that
don't allow 'others' to read the binary. Ever wonder why?

-- dima
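
The search suggested in the message above, written out as an added example (it is not part of the original post): a Python audit that lists regular files which 'others' may execute but not read, with their mode string and whether a setuid/setgid bit is set. The function name and the default directory list are assumptions made for this example.

```python
import os
import stat
import sys


def execute_only_files(root):
    """Return sorted (path, mode string, setid) tuples for regular files
    under root that 'others' can execute but cannot read."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or directory unreadable; skip it
            mode = st.st_mode
            if not stat.S_ISREG(mode):
                continue
            # Execute bit for others is set, read bit for others is clear.
            if mode & stat.S_IXOTH and not mode & stat.S_IROTH:
                setid = bool(mode & (stat.S_ISUID | stat.S_ISGID))
                hits.append((path, stat.filemode(mode), setid))
    return sorted(hits)


if __name__ == "__main__":
    # Assumed default search roots; pass other directories as arguments.
    roots = sys.argv[1:] or ["/bin", "/sbin", "/usr/bin", "/usr/sbin"]
    for root in roots:
        for path, mode, setid in execute_only_files(root):
            flag = "setid" if setid else "-----"
            print(f"{mode} {flag} {path}")
```
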