Date: Tue, 23 Apr 2002 12:09:49 -0400
From: Mike Barcroft
To: "M. Warner Losh"
Cc: nectar@FreeBSD.org, phk@critter.freebsd.dk, wollman@lcs.mit.edu, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/kern kern_descrip.c kern_exec.c src/sys/sys filedesc.h
Message-ID: <20020423120949.G72727@espresso.q9media.com>
In-Reply-To: <20020423.095226.96600629.imp@village.org>; from imp@village.org on Tue, Apr 23, 2002 at 09:52:26AM -0600
Organization: The FreeBSD Project

M. Warner Losh writes:
> In message: <20020423114052.F72727@espresso.q9media.com>
>             Mike Barcroft writes:
> : Yes, at the cost of breaking conforming applications -- even if they
> : haven't been invented yet.  I don't have any objections to your hack
> : being left in place until the base system can be audited or even in
> : the long term if it's made into a kernel option.
>
> The "it breaks strict standards conformance" is much less important
> than "users are using this standards conformance to leverage higher
> privs."  You need a better argument than that if you are going to have
> the changes reverted.  Sorry.  We already break standards conformance
> for setuid/setgid programs in a number of subtle ways to preclude them
> from gaining higher privs.

Again, I don't mind this being a kernel option.  Even if it's turned
on by default, or we use a reverse kernel option to turn it off.  A
user should be able to choose the security policy of his/her system.
If that means one has to add `option POSIX_SETUGID_HANDLING', that's
fine, but to force a security policy down a user's throat, I think, is
wrong.  This applies to Robert's comments as well.

Best regards,
Mike Barcroft