From owner-freebsd-current  Tue Dec  1 10:50:56 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA01346
          for freebsd-current-outgoing; Tue, 1 Dec 1998 10:50:56 -0800 (PST)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA01334;
          Tue, 1 Dec 1998 10:50:50 -0800 (PST)
          (envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.1a/8.9.1) with ESMTP id TAA05736;
	Tue, 1 Dec 1998 19:50:30 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id TAA22081;
	Tue, 1 Dec 1998 19:50:29 +0100 (MET)
Message-ID: <19981201195028.A21015@follo.net>
Date: Tue, 1 Dec 1998 19:50:28 +0100
From: Eivind Eklund <eivind@yes.no>
To: Matthew Dillon <dillon@apollo.backplane.com>, freebsd-current@FreeBSD.ORG,
        freebsd-security@FreeBSD.ORG
Subject: Re: kmem, tty, bind security enhancements commit.
References: <199812010551.VAA02953@apollo.backplane.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <199812010551.VAA02953@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 30, 1998 at 09:51:45PM -0800
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Nov 30, 1998 at 09:51:45PM -0800, Matthew Dillon wrote:
>     Now that everyone is backfrom thanksgiving and 2.2.8 is out the
>     door, I'd like to commit the following changes to -current.  These
>     are as previously discussed and the changes have also been running
>     on most of BEST's machines for a couple of weeks now so I'd like
>     to commit them.
> 
>     I'd like someone to sign off on the concept.  Eivind?  Bruce?  Jordan?

[on running identd as kmem, ntalkd as tty, and bind as bind/bind]

Sounds good to me, as long as it does not require changes to existing
installations (which I couldn't see it needing from your description).  I'm
somewhat surprised at the getuid() test in ntalkd being there at all - it
seems like this should have been done with permissions instead of getuid(),
and shouldn't be needed anyway.  However, I don't have the SCCS repository
(yet), so I can't see why it was introduced - it has been there (in slightly
changing incarnation) since 4.4 lite.

Your user/group suggestion looks good - too bad operator is screwed up.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message