Date: Wed, 6 Oct 1999 12:25:15 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199910061925.MAA87484@apollo.backplane.com>
To: Joe Abley
Cc: "Daniel C. Sobral", Conrad Minshall, FreeBSD Hackers
Subject: Re: Apple's planned appoach to permissions on movable filesystems
References: <199910052119.OAA24627@scv1.apple.com> <37FB5A53.3E016EFA@newsguy.com> <19991007073435.A20998@patho.gen.nz>

:Show me a disk that's _not_ removable. By your logic we would have _no_
:sguid/sgid binaries _ever._
:
:Physical access to a machine is always a security risk. Why would you
:treat easily-removable media any differently to slightly-harder-to-remove
:media? You still need to break into the vault to remove them.
:
:Joe

Well, I don't think this is a very fair argument. There are plenty of situations where you might want to differentiate, even with physical access.

For example, take PCs in a library. Let's say that the PCs get all their critical stuff via read-only NFS mounts, but the library wants to allow people to import and export files via the floppy drive. In this example, there is a very definite distinction between a filesystem on the floppy drive and 'everything else'.

Even when you throw a hard drive in, just because someone has physical access to the outside of the machine does not necessarily mean that he has physical access to the inside of the machine. Take, for example, a supervised machine or machine which is 'locked down' and has a BIOS password installed. While it is certainly true that a person could eventually get physical access into the machine, it is a significantly more difficult task and therefore a significant distinction still exists between the data stored on the hard drive and stored in, say, a floppy.

-Matt
Matthew Dillon