Message-ID: <19980417015505.15073@mph124.rh.psu.edu>
Date: Fri, 17 Apr 1998 01:55:05 -0400
From: Matthew Hunt
To: Robert Watson, Dima Ruban
Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Subject: Re: kernel permissions
References: <199804170519.WAA12540@burka.rdy.com>

On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:

> Anyhow, if there is sufficient interest in the project, I'd like to try
> and get it off the ground. Presumably, some changes might work their way
> back into the default distribution. If we lose no significant
> functionality, it cannot hurt to restrict privileges. It may help us
> when those unpredicted vulnerabilities do turn up.

It sounds to me like a worthwhile project, even though I would be unlikely to use it myself. I do question the idea of making it part of the ports system, because the idea of ports modifying the base system seems like a considerable departure from the rest of the ports collection.

I can't be persuaded that a world-readable kernel can ever present a problem (the real problem would have to be in some other software) and Dima is unlikely to be persuaded to my point of view. I see a pattern in my future: "make install", forget to change the perms to 444, reboot, kick myself (since I run with securelevel=1), swear to remember next time, and repeat the cycle. :-)

--
Matthew Hunt * Stay close to the Vorlon.
http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.