From owner-freebsd-hackers Wed Jun 4 19:56:59 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id TAA00464 for hackers-outgoing; Wed, 4 Jun 1997 19:56:59 -0700 (PDT) Received: from ethanol.gnu.ai.mit.edu (joelh@ethanol.gnu.ai.mit.edu [128.52.46.64]) by hub.freebsd.org (8.8.5/8.8.5) with SMTP id TAA00453 for ; Wed, 4 Jun 1997 19:56:57 -0700 (PDT) Received: by ethanol.gnu.ai.mit.edu (8.6.12/8.6.12GNU) id WAA20227; Wed, 4 Jun 1997 22:56:44 -0400 Date: Wed, 4 Jun 1997 22:56:44 -0400 Message-Id: <199706050256.WAA20227@ethanol.gnu.ai.mit.edu> To: bde@zeta.org.au CC: freebsd-hackers@FreeBSD.ORG In-reply-to: <199706042003.GAA15194@godzilla.zeta.org.au> (message from Bruce Evans on Thu, 5 Jun 1997 06:03:37 +1000) Subject: Re: tty_snoop: why check uid? From: Joel Ray Holveck Reply-to: joelh@gnu.ai.mit.edu Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >>Why does the snp device check to make sure that the user invoking it >>is root, instead of letting the admin set the permissions on the >>device to whatever he feels appropriate? >I think it is because system-supported security holes should be as >small as possible. An admin has to explicitly change the permissions to enable this hole. I have a button that says, "Unix doesn't stop you from doing stupid things because that would stop you from doing clever things." Cheers, joelh -- http://www.wp.com/piquan --- Joel Ray Holveck --- joelh@gnu.ai.mit.edu All my opinions are my own, not the Free Software Foundation's. Second law of programming: Anything that can go wrong wi sendmail: segmentation violation -- core dumped