Date: Sat, 24 Jul 1999 15:00:03 -0700 (PDT) From: Tim Vanderhoek <vanderh@ecf.utoronto.ca> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/3546 Message-ID: <199907242200.PAA76602@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/3546; it has been noted by GNATS. From: Tim Vanderhoek <vanderh@ecf.utoronto.ca> To: freebsd-gnats-submit@FreeBSD.org Cc: Subject: Re: bin/3546 Date: Sat, 24 Jul 1999 17:55:39 -0400 On Sat, Jul 24, 1999 at 11:24:39AM -0600, Nate Williams wrote: > > > > PR bin/3546 asks that `ktrace(1)' not be allowed on files that do not have > > read permissions for the user attempting to execute them. > > > > The intent of this change is to prevent a user from seeing how an > > executable with '--x--x--x' perms works by ktrace'ing its execution. > > > > My question to the -hackers is: is this a useful semantic? Would it break > > anything if added? > > If we make kernel auditing based upon KTRACE (which may or may not > happen), this is not a useful change since we need to be able to 'audit' > system calls regardless of whether or not KTRACE is used. If this kind > of addition is done, then it'll have to be removed since system auditing > must occur and be essentially 'independant' of what options are used. > > If adding auditing has a negative effect on the successful completion of > a system call, then it's not going to be used. (There are certain > things that can't be avoided, such as additional CPU/memory use, but it > should not effect whether or not the syscall is completed.) > > Also, I believe that KTRACE should be allowed since security through > obscurity isn't a good reason to avoid letting the user see the > syscall. If security is an issue, KTRACE shouldn't be in the system > kernel. > > > Nate > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message -- -- This is my .signature which gets appended to the end of my messages. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907242200.PAA76602>