Date: Thu, 07 Oct 1999 05:03:55 +0900
From: "Daniel C. Sobral" <dcs@newsguy.com>
To: Joe Abley <jabley@patho.gen.nz>
Cc: Conrad Minshall <conrad@apple.com>, FreeBSD Hackers <FreeBSD-Hackers@FreeBSD.ORG>
Subject: Re: Apple's planned appoach to permissions on movable filesystems
Message-ID: <37FBAB2B.9DA092DD@newsguy.com>
References: <199910052119.OAA24627@scv1.apple.com> <l03130303b420f0176999@[17.202.43.185]> <37FB5A53.3E016EFA@newsguy.com> <19991007073435.A20998@patho.gen.nz>

Joe Abley wrote:
>
> On Wed, Oct 06, 1999 at 11:18:59PM +0900, Daniel C. Sobral wrote:
> > One would better assume that files available over NFS will be read
> > by anyone who wants, and, likewise, that files available on
> > removable media will be read by anyone who wants. That side of the
> > problem does not belong to this discussion.
> >
> > [...]
> >
> > The question here is how to minimize the cost/benefit ratio of
> > letting users mount external file systems on their own. At the very
> > least, the system must never trust that data. Ergo, no suid/sgid.
>
> Show me a disk that's _not_ removable. By your logic we would have _no_
> sguid/sgid binaries _ever._

Please, don't give me this crap. "Removable media" is a very
well-defined terminology.

> Physical access to a machine is always a security risk. Why would you
> treat easily-removable media any differently to slightly-harder-to-remove
> media? You still need to break into the vault to remove them.

Why? Because in the latter case you do not expect users to remove (or
insert, which is that case above) media in the system, except as a
serious breach in physical security, and in the former case you
*EXPECT* and *PROVIDE THE MEANS FOR* the user to change the media.

That makes all the difference.

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org

"I always feel generous when I'm in the inner circle of a
conspiracy to subvert the world order and, with a small group of
allies, just defeated an alien invasion. Maybe I should value myself
a little more?"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message