Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 26 Jul 2000 21:12:47 +0400
From:      "Andrey A. Chernov" <ache@nagual.pp.ru>
To:        Nate Williams <nate@yogotech.com>
Cc:        Bill Fumerola <billf@chimesnet.com>, "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com>, Peter Wemm <peter@netplex.com.au>, Warner Losh <imp@village.org>, Marcel Moolenaar <marcel@cup.hp.com>, Will Andrews <andrews@technologist.com>, Marcel Moolenaar <marcel@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/etc Makefile src/include Makefile src/release Makefile src/release/picobsd/build Makefile.mfs src/release/picobsd/custom Makefile.mfs src/release/picobsd/dial Makefile.mfs src/release/picobsd/install Makefile.mfs
Message-ID:  <20000726211246.A50294@nagual.pp.ru>
In-Reply-To: <200007261659.KAA11807@nomad.yogotech.com>; from nate@yogotech.com on Wed, Jul 26, 2000 at 10:59:48AM -0600
References:  <200007252213.PAA34677@netplex.com.au> <10733.964597601@localhost> <200007261456.IAA11238@nomad.yogotech.com> <20000726125721.Z51462@jade.chc-chimes.com> <200007261659.KAA11807@nomad.yogotech.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 26, 2000 at 10:59:48AM -0600, Nate Williams wrote:
> Gimme a break Bill.  Andrey and Warner (as security officer) has already
> explained why we're doing things differently.
> 
> If the other OS's choose to be insecure, then let them.  We don't always
> have to respond to security issues *after* every one else fixes them.

To be more concrete, with my -L changes:

1) We keep mtree (as application) the same as in other *BSD camps by
default. Mtree as userland application have nothing common with system
security issues.

2) With adding -L to building process we handle security problems with
directories permissions. I don't know how other *BSD camps handle this.
Either they not handle (since they not have -L addition in mtree) or in
some different ways. Jordan says that symlinked admins must know what they
do, but will be even better to handle it automatically for them since
people make mistakes sometimes and security area not the place for
experiments.

3) In some cases (as Peter describe) -L not needed for some parts of
building process. Ok, just don't use it there.

-- 
Andrey A. Chernov
<ache@nagual.pp.ru>
http://ache.pp.ru/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000726211246.A50294>