From owner-freebsd-security Sun Oct 1 2:33: 8 2000
Delivered-To: freebsd-security@freebsd.org
Received: from smtp02.iafrica.com (smtp02.iafrica.com [196.7.0.140])
    by hub.freebsd.org (Postfix) with ESMTP
    id 7E3C437B502; Sun, 1 Oct 2000 02:33:02 -0700 (PDT)
Received: from [196.7.18.138] (helo=grimreaper.grondar.za ident=root)
    by smtp02.iafrica.com with esmtp (Exim 1.92 #1)
    id 13ffTw-000H7Y-00; Sun, 1 Oct 2000 11:32:28 +0200
Received: from grimreaper.grondar.za (mark@localhost [127.0.0.1])
    by grimreaper.grondar.za (8.11.0/8.11.0) with ESMTP id e919WRl00389;
    Sun, 1 Oct 2000 11:32:28 +0200 (SAST)
    (envelope-from mark@grimreaper.grondar.za)
Message-Id: <200010010932.e919WRl00389@grimreaper.grondar.za>
To: Robert Watson
Cc: Warner Losh , Jordan Hubbard , security@FreeBSD.ORG
Subject: Re: Security and FreeBSD, my overall perspective
References:
In-Reply-To: ; from Robert Watson "Sat, 30 Sep 2000 19:05:51 -0400."
Date: Sun, 01 Oct 2000 11:32:26 +0200
From: Mark Murray
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

> Exposure:
>
> Whether or not the application should, in normal use, be exposed to data
> of untrusted origin (e-mail, data files from untrusted users, socket
> connections in or out-bound, etc).
>
> - Intended to be run with exposure to untrusted environments
> - Not intended to run with exposure to untrusted environments

This is policy - we should not mess with that, I don't think. _Everything_
in Unix sees an untrusted environment is the assumption.

> Auditing:
>
> Whether or not the application has been audited by FreeBSD security
> developers, or other trusted parties.
>
> - Known decent
> - Unknown
> - Known bad

I'd make this:

- Known good
- Believed good
- Unknown
- Believed bad
- Known bad

> Privilege:
>
> What amount of privilege and access this code will be run as, determining
> the level of damage possible as a result of an exploit.
>
> - Run with elevated privilege
> - Run by normal users
> - Run sandboxed

Right.
This takes over the "exposure" item above.

M
--
Mark Murray
Join the anti-SPAM movement: http://www.cauce.org