From: Jason DiCioccio
To: freebsd-arch@freebsd.org
Date: Wed, 24 Apr 2002 22:26:56 -0700
Subject: Fwd: NOSUID and NOSUID_prog make knobs
Message-Id: <0F346F4F-580D-11D6-8E6E-00039390808C@bluenugget.net>

Granularity is wanted, at least by me and others I have spoken to. I
don't know if it is best to clutter make.conf or if there is a better
place, or a new place, that these knobs could be placed. However, if
you're going to provide the flexibility I would think you should go all
the way with it. Perhaps provide some canned sets, and/or the ability to
make 'groups' of binaries in the configuration but there definitely has
to be the ability to configure it to the level of individual binaries.
IMHO :)

Cheers,
-JD-

On Wednesday, April 24, 2002, at 08:17 PM, Johan Karlsson wrote:

> In the discussion on -security I got the impression that the
> granularity is wanted.
>
> There are currently 29 suid and 14 sgid bits set in Makefiles
> that would be affected by this.
> Some of them make sense to group together e.g. lpr, ping, etc
>
> I think it just makes more sense to provide all of them
> (some grouped) than to only have 1 knob for all of them.
>
> /Johan K
>
> On Wed, Apr 24, 2002 at 19:17 (-0700) +0000, David O'Brien wrote:
>>
>> Either do them all, or none. This flag per binary does not scale, nor
>> do I see any significant portion of our userbase utilizing the
>> granularity.

----
Useless .sig