Date: Tue, 1 Dec 1998 19:50:28 +0100 From: Eivind Eklund <eivind@yes.no> To: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-current@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kmem, tty, bind security enhancements commit. Message-ID: <19981201195028.A21015@follo.net> In-Reply-To: <199812010551.VAA02953@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 30, 1998 at 09:51:45PM -0800 References: <199812010551.VAA02953@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 30, 1998 at 09:51:45PM -0800, Matthew Dillon wrote: > Now that everyone is backfrom thanksgiving and 2.2.8 is out the > door, I'd like to commit the following changes to -current. These > are as previously discussed and the changes have also been running > on most of BEST's machines for a couple of weeks now so I'd like > to commit them. > > I'd like someone to sign off on the concept. Eivind? Bruce? Jordan? [on running identd as kmem, ntalkd as tty, and bind as bind/bind] Sounds good to me, as long as it does not require changes to existing installations (which I couldn't see it needing from your description). I'm somewhat surprised at the getuid() test in ntalkd being there at all - it seems like this should have been done with permissions instead of getuid(), and shouldn't be needed anyway. However, I don't have the SCCS repository (yet), so I can't see why it was introduced - it has been there (in slightly changing incarnation) since 4.4 lite. Your user/group suggestion looks good - too bad operator is screwed up. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981201195028.A21015>