Date: Fri, 17 Dec 1999 01:06:17 +0200 (EET)
From: mika ruohotie <bsdsec@shadows.aeon.net>
To: peter.jeremy@alcatel.com.au (Peter Jeremy)
Cc: mike@sentex.net (Mike Tancsa), freebsd-security@FreeBSD.ORG
Subject: Re: setuid revisited (was Re: From BugTraq - FreeBSD 3.3 xsoldier root exploit (fwd) )
Message-ID: <199912162306.BAA15160@shadows.aeon.net>
In-Reply-To: <99Dec17.091851est.40344@border.alcanet.com.au> from Peter Jeremy at "Dec 17, 1999 09:27:18 am"

> >Even the main tree seems a big permissive for some applications (in my
> >case, an ISP).
> Much of this is really that our install approach doesn't allow fine

[snip]

> > Similarly, I don't think my users need access to vmstat
> Probably not, but that depends on what you want to let your users do.

exactly. i think it's not a good idea to make the default installation much too restrictive.

if one is about to use freebsd (or any other unix) as a shell server, they have to harden the box anyway. and about everyone i know in the "business", like to do things slightly different.

the default installation should leave the machine still _usable_ without assuming the user wishes to abuse root for everything.

personally, i much rather hang around as user, and i _do_ use things like vmstat _lots_ in my boxen. all of which only allow _very_ limited access _into_ the machine.

sure, all kinds of installation options sound nice, but they might be too hard to implement, specially since the audience for which they'd be, prefer mainly do things _themselves_ without click&drool gimmicks.

and i know things that i've just said have been repeated all over this list, and other lists.

> Peter

mickey

--
company: SAUNALAHDEN SERVERI
email: mika.ruohotie@saunalahti.fi
www: www.saunalahti.fi
Network Development
System Administrator