Date: Thu, 16 Apr 1998 22:19:21 -0700 (PDT) From: dima@best.net (Dima Ruban) To: mph@pobox.com (Matthew Hunt) Cc: dima@best.net, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <199804170519.WAA12540@burka.rdy.com> In-Reply-To: <19980417005408.08278@mph124.rh.psu.edu> from Matthew Hunt at "Apr 17, 98 00:54:08 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Hunt writes: > On Thu, Apr 16, 1998 at 08:40:22PM -0700, Dima Ruban wrote: > > > 1. Debugging symbols and symbol table - user doesn't need that. > > 2. Possible kernel configuration - questionable. > > 3. Kernel namelist - user doesn't need that. > > 4. Kernel copy with possible commercial stuff - user doesn't need that. > > 5. Kernel copy with possible restricted/crypto - user doesn't need that. > > My complaint, and I think the general complaint of people disagreeing > with you, is that you are not setting policy at your site, you are > setting policy on all FreeBSD boxes, as-shipped. It's not about setting policy. It's about being reasonable. > Why are you in a position to decide what users, at thousands of sites > besides your own, do or do not need to know? Many of the arguments > you have made could be applied to making /bin/ls mode 111 as well, > since nobody *needs* to look at that. Right. The only difference is - no harm could be done with being able to read /bin/ls (or possible bad things) > There is a heritage, or intertia, that says we should keep things like > they are, unless there is a clear reason to do otherwise. You, What heritage? You mean the amount of people what don't want this change? I can tell you that more people agreed with me in either private email or responding to the mailing list than disagree. > therefore, are the one in the position to justify the change, and it > does not seem to me like you have done so. Again. There's a difference between "potential problem" and "security hole". This is not a security hole, but a potential problem (theoretically possible even). If this doesn't break anything, why in the hell shouldn't we have it? "Don't fix that ain't broke" is not an answer. > > My $0.02. I think, I've already went over 10 bucks :-) > > -- > Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon. > http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349. > -- dima To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804170519.WAA12540>