From owner-freebsd-stable Thu Apr 16 23:45:41 1998
From: dima@best.net (Dima Ruban)
Reply-To: dima@best.net
Organization: HackerDome
To: mph@pobox.com (Matthew Hunt)
Cc: robert+freebsd@cyrus.watson.org, dima@best.net, stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG
Date: Thu, 16 Apr 1998 23:45:26 -0700 (PDT)
Subject: Re: kernel permissions (part II)
In-Reply-To: <19980417015505.15073@mph124.rh.psu.edu> from Matthew Hunt at "Apr 17, 98 01:55:05 am"
Message-Id: <199804170645.XAA13015@burka.rdy.com>

Matthew Hunt writes:
> On Fri, Apr 17, 1998 at 01:45:29AM -0400, Robert Watson wrote:
>
> > Anyhow, if there is sufficient interest in the project, I'd like to try
> > and get it off the ground. Presumably, some changes might work their way
> > back into the default distribution. If we lose no significant
> > functionality, it cannot hurt to restrict privileges. It may help us
> > when those unpredicted vulnerabilities do turn up.
>
> It sounds to me like a worthwhile project, even though I would be
> unlikely to use it myself. I do question the idea of making it

It actually depends on what you are using FreeBSD for. Of course you don't really need it if you use your machine as a desktop, or in a one/few-user production environment.
(No need to argue, it's just a basic point.)

> part of the ports system, because the idea of ports modifying the
> base system seems like a considerable departure from the rest of
> the ports collection.

About having this in ports - I don't think so, and I doubt Satoshi will disagree with me.

> I can't be persuaded that a world-readable kernel can ever present
> a problem (the real problem would have to be in some other software)

Absolutely. That's why I've called it a "potential problem".

> and Dima is unlikely to be persuaded to my point of view. I see
> a pattern in my future: "make install", forget to change the perms
> to 444, reboot, kick myself (since I run with securelevel=1), swear
> to remember next time, and repeat the cycle. :-)

:-) I don't see a good way of adjusting this. That's why I was pointing out that this change won't break anything.

Speaking of improving security, how about a change like this (I didn't implement it yet, but it shouldn't be a big deal)?

Right now we have a mount flag "nosuid". It serves its mission, but I'd love to have some flexibility on this. An example is an ISP environment (again :-). You want to allow users to have suid-to-them programs, but at the same time you feel bad about having suid programs for uids less than something (let's say 100). How about implementing this? Via mount options or something else? Let's say one wants to allow users to have suid programs if the uid on the suid program is greater than N and less than M. How does it sound?

> --
> Matthew Hunt * Stay close to the Vorlon.
> http://mph124.rh.psu.edu/~mph/pgp.key for PGP public key 0x67203349.

-- dima

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
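The ranged-suid mount policy sketched above, written out as the check an exec path would apply to a set-id file. This is an added example, not code from the thread or from FreeBSD; the struct names, the exclusive (N, M) bounds and the setgid handling are assumptions.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>   /* S_ISUID, S_ISGID, mode_t */
#include <sys/types.h>  /* uid_t, gid_t */

/* Hypothetical per-mount policy (not a FreeBSD API). */
struct suid_policy {
    bool nosuid;   /* existing "nosuid": never honour set-id bits */
    bool ranged;   /* proposed option: honour setuid only if lo < owner < hi */
    uid_t lo, hi;  /* exclusive bounds, e.g. lo = 100 for "uids less than 100" */
};

/* Credentials exec would give the new image. */
struct exec_creds { uid_t euid; gid_t egid; };

/*
 * Decide what exec() does with a set-id binary under the policy.
 * A set-id bit that is not honoured is simply ignored and the image
 * runs with the caller's credentials, exactly as nosuid behaves today.
 */
struct exec_creds apply_setid(const struct suid_policy *p, mode_t mode,
                              uid_t owner_uid, gid_t owner_gid,
                              uid_t caller_uid, gid_t caller_gid)
{
    struct exec_creds c = { caller_uid, caller_gid };

    if (p->nosuid)            /* plain nosuid: nothing changes */
        return c;

    if (mode & S_ISUID) {
        /* Ranged: only owners strictly inside (lo, hi) qualify, so a
         * root-owned (uid 0) setuid file on this mount is not honoured. */
        if (!p->ranged || (owner_uid > p->lo && owner_uid < p->hi))
            c.euid = owner_uid;
    }
    if (mode & S_ISGID)       /* assumption: setgid unchanged by the uid range */
        c.egid = owner_gid;
    return c;
}

int main(void)
{
    /* constructed ISP-style mount: users' own suid programs only */
    struct suid_policy isp = { .nosuid = false, .ranged = true, .lo = 100, .hi = 65534 };
    struct exec_creds a = apply_setid(&isp, 04755, 0, 0, 1001, 1001);
    struct exec_creds b = apply_setid(&isp, 04755, 1500, 1500, 1001, 1001);
    printf("root-owned suid -> runs as uid %u\n", (unsigned)a.euid);
    printf("uid 1500 suid   -> runs as uid %u\n", (unsigned)b.euid);
    return 0;
}
```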