Date: Mon, 29 Nov 1999 19:53:09 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com> Cc: Matthew Dillon <dillon@apollo.backplane.com>, Dan Moschuk <dan@FreeBSD.ORG>, arch@FreeBSD.ORG, audit@FreeBSD.ORG Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c src/sys/libkern arc4random.c src/sys/sys libkern.h Message-ID: <Pine.BSF.4.21.9911291950390.65191-100000@hub.freebsd.org> In-Reply-To: <88174.943927150@zippy.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 29 Nov 1999, Jordan K. Hubbard wrote: > That's highly arguable. We provide secure levels, for example, but if > we turned them on to any appreciable degree then people's X servers > wouldn't work because we have no aperture driver. Would it be correct > in the general case? Yes. Would it be correct for workstation users? > No. Such is also the case in numerous other situations and it really > is a question of providing mechanisms which people can use selectively, > not just in providing the best "out of box" security defaults. This would fall under my preferred policy, which you didn't quote, namely "turn on everything which doesn't have a negative impact, and providing an easy mechanism to enable everything else". Preventing X from running is something many (though not all :) people would consider negative :-) Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.9911291950390.65191-100000>