From owner-freebsd-current@FreeBSD.ORG Wed Feb 22 08:56:02 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7327516A420 for ; Wed, 22 Feb 2006 08:56:02 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (xorpc.icir.org [192.150.187.68]) by mx1.FreeBSD.org (Postfix) with ESMTP id 3446643D46 for ; Wed, 22 Feb 2006 08:56:02 +0000 (GMT) (envelope-from rizzo@icir.org) Received: from xorpc.icir.org (localhost [127.0.0.1]) by xorpc.icir.org (8.12.11/8.12.11) with ESMTP id k1M8u1oU076677 for ; Wed, 22 Feb 2006 00:56:01 -0800 (PST) (envelope-from rizzo@xorpc.icir.org) Received: (from rizzo@localhost) by xorpc.icir.org (8.12.11/8.12.3/Submit) id k1M8u1q0076676 for current@freebsd.org; Wed, 22 Feb 2006 00:56:01 -0800 (PST) (envelope-from rizzo) Date: Wed, 22 Feb 2006 00:56:01 -0800 From: Luigi Rizzo To: current@freebsd.org Message-ID: <20060222005601.A76538@xorpc.icir.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i Cc: Subject: proposed /sbin/init permission change X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Feb 2006 08:56:02 -0000 objections to this change to /sbin/init/Makefile so that /sbin/init is installed with normal (555) modes ? Using mode 500 makes it unreadable from nfs-exported filesystems (as those that one can use in a diskless environment). There is no privacy issue with the content of /sbin/init to justify making it unreadable, and the first two lines if (getuid() != 0) errx(1, "%s", strerror(EPERM)); prevent non-root execution anyways. BTW this would apply to -stable as well. I have already made this request multiple times over time (i think the first time was back in 1999 when i started working with diskless environments) with no answer. cheers luigi > cvs diff -u Makefile Index: Makefile =================================================================== RCS file: /home/ncvs/src/sbin/init/Makefile,v retrieving revision 1.32 diff -u -r1.32 Makefile --- Makefile 11 Jan 2005 14:34:29 -0000 1.32 +++ Makefile 22 Feb 2006 08:55:02 -0000 @@ -4,7 +4,6 @@ PROG= init MAN= init.8 MLINKS= init.8 securelevel.8 -BINMODE=500 PRECIOUSPROG= INSTALLFLAGS=-b -B.bak WARNS?= 6