Date: Wed, 26 Jul 2000 21:12:47 +0400 From: "Andrey A. Chernov" <ache@nagual.pp.ru> To: Nate Williams <nate@yogotech.com> Cc: Bill Fumerola <billf@chimesnet.com>, "Jordan K. Hubbard" <jkh@zippy.osd.bsdi.com>, Peter Wemm <peter@netplex.com.au>, Warner Losh <imp@village.org>, Marcel Moolenaar <marcel@cup.hp.com>, Will Andrews <andrews@technologist.com>, Marcel Moolenaar <marcel@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc Makefile src/include Makefile src/release Makefile src/release/picobsd/build Makefile.mfs src/release/picobsd/custom Makefile.mfs src/release/picobsd/dial Makefile.mfs src/release/picobsd/install Makefile.mfs Message-ID: <20000726211246.A50294@nagual.pp.ru> In-Reply-To: <200007261659.KAA11807@nomad.yogotech.com>; from nate@yogotech.com on Wed, Jul 26, 2000 at 10:59:48AM -0600 References: <200007252213.PAA34677@netplex.com.au> <10733.964597601@localhost> <200007261456.IAA11238@nomad.yogotech.com> <20000726125721.Z51462@jade.chc-chimes.com> <200007261659.KAA11807@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 26, 2000 at 10:59:48AM -0600, Nate Williams wrote: > Gimme a break Bill. Andrey and Warner (as security officer) has already > explained why we're doing things differently. > > If the other OS's choose to be insecure, then let them. We don't always > have to respond to security issues *after* every one else fixes them. To be more concrete, with my -L changes: 1) We keep mtree (as application) the same as in other *BSD camps by default. Mtree as userland application have nothing common with system security issues. 2) With adding -L to building process we handle security problems with directories permissions. I don't know how other *BSD camps handle this. Either they not handle (since they not have -L addition in mtree) or in some different ways. Jordan says that symlinked admins must know what they do, but will be even better to handle it automatically for them since people make mistakes sometimes and security area not the place for experiments. 3) In some cases (as Peter describe) -L not needed for some parts of building process. Ok, just don't use it there. -- Andrey A. Chernov <ache@nagual.pp.ru> http://ache.pp.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000726211246.A50294>