Date: Thu, 09 Sep 1999 16:37:23 +0930 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: Jason Young <doogie@anet-stl.com> Cc: Gustavo V G C Rios <grios@ddsecurity.com.br>, freebsd-hackers@FreeBSD.ORG, chris@calldei.com Subject: RE: CS Project Message-ID: <XFMail.990909163723.doconnor@gsoft.com.au> In-Reply-To: <NCBBJEDMMDOPOMPDEKBPGEFIDDAA.doogie@anet-stl.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This message is in MIME format --_=XFMail.1.3.p0.FreeBSD:990909163723:656=_ Content-Type: text/plain; charset=us-ascii On 09-Sep-99 Jason Young wrote: > After some thought, I think the mount option idea is best. I hadn't > thought of that before. One might want to apply different procfs > security policies to different mounts of procfs, especially in a > jail() situation. Good call. Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times, something I'm not sure is true. > This would make the change transparent to both users and developers. > SGID can still be removed - a developer/debugger will already be root > or have had to chown the dump/kernel files to do any debugging. My thought too :) > It would be mild bloat, but disk is cheap, and a disk space to > debugging ease tradeoff has already been made (to the tune of several > megs!) by the decision to build debug kernels by default. I agree with > that. One could also #ifdef the kvm version. Yeah.. well I await the patches 8-) --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum --_=XFMail.1.3.p0.FreeBSD:990909163723:656=_ Content-Type: application/pgp-signature -----BEGIN PGP MESSAGE----- Version: 2.6.3ia iQCVAwUBN9dcq1bYW/HEoF9pAQFcOAQAnZ0OX4ykcsZsklHdBkC8r4x4SK3sW0oE QN5FeGJPb9Tf6lFk8s+LMExZIgv8Kd6zgD42MTWtYV4XVJdOLZzfcc2DEqfQE8Cw qAdCpawPTewnBBZH3vvs0amSuMxxRjiCDHSIE70OmCPlvlefOna4TNgg67t4BfFf /vwKpNdutrc= =5/NI -----END PGP MESSAGE----- --_=XFMail.1.3.p0.FreeBSD:990909163723:656=_-- End of MIME message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.990909163723.doconnor>