From owner-freebsd-stable  Thu Apr 16 22:55:51 1998
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA00658
          for freebsd-stable-outgoing; Thu, 16 Apr 1998 22:55:51 -0700 (PDT)
          (envelope-from owner-freebsd-stable@FreeBSD.ORG)
Received: from mph124.rh.psu.edu (mph@MPH124.rh.psu.edu [128.118.126.83])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id FAA00532;
          Fri, 17 Apr 1998 05:55:17 GMT
          (envelope-from mph@mph124.rh.psu.edu)
Received: (from mph@localhost)
	by mph124.rh.psu.edu (8.8.8/8.8.8) id BAA06596;
	Fri, 17 Apr 1998 01:55:06 -0400 (EDT)
	(envelope-from mph)
Message-ID: <19980417015505.15073@mph124.rh.psu.edu>
Date: Fri, 17 Apr 1998 01:55:05 -0400
From: Matthew Hunt <mph@pobox.com>
To: Robert Watson <robert+freebsd@cyrus.watson.org>,
        Dima Ruban <dima@best.net>
Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
Mail-Followup-To: Robert Watson <robert+freebsd@cyrus.watson.org>,
	Dima Ruban <dima@best.net>, stable@FreeBSD.ORG,
	freebsd-security@FreeBSD.ORG
References: <199804170519.WAA12540@burka.rdy.com> <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.89i
In-Reply-To: <Pine.BSF.3.96.980417013537.8952E-100000@trojanhorse.pr.watson.org>; from Robert Watson on Fri, Apr 17, 1998 at 01:45:29AM -0400
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk

On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:

> Anyhow, if there is sufficient interest in the project, I'd like to try
> and get it off the ground.  Presumably, some changes might work their way
> back into the default distribution.  If we lose no significant
> functionality, it cannot hurt to restrict priveledges.  It may help us
> when those unpredicted vulnerabilities do turn up.  

It sounds to me like a wothwhile project, even though I would be
unlikely to use it myself.  I do question the idea of making it
part of the ports system, because the idea of ports modifying the
base system seems like a considerable departure from the rest of
the ports collection.

I can't be persuaded that a world-readable kernel can ever present
a problem (the real problem would have to be in some other software)
and Dima is unlikely to be persuaded to my point of view.  I see
a pattern in my future: "make install", forget to change the perms
to 444, reboot, kick myself (since I run with securelevel=1), swear
to remember next time, and repeat the cycle. :-)

-- 
Matthew Hunt <mph@pobox.com> * Stay close to the Vorlon.
http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message