From owner-freebsd-security Tue Oct 5 6:50:45 1999 Delivered-To: freebsd-security@freebsd.org Received: from point.osg.gov.bc.ca (point.osg.gov.bc.ca [142.32.102.44]) by hub.freebsd.org (Postfix) with ESMTP id 0DFF614F8A for ; Tue, 5 Oct 1999 06:50:42 -0700 (PDT) (envelope-from cy@cschuber.net.gov.bc.ca) Received: (from daemon@localhost) by point.osg.gov.bc.ca (8.8.7/8.8.8) id GAA22353; Tue, 5 Oct 1999 06:49:40 -0700 Received: from cschuber.net.gov.bc.ca(142.31.240.113), claiming to be "cwsys.cwsent.com" via SMTP by point.osg.gov.bc.ca, id smtpda22351; Tue Oct 5 06:49:34 1999 Received: (from uucp@localhost) by cwsys.cwsent.com (8.9.3/8.9.1) id GAA17277; Tue, 5 Oct 1999 06:49:28 -0700 (PDT) Message-Id: <199910051349.GAA17277@cwsys.cwsent.com> Received: from localhost.cwsent.com(127.0.0.1), claiming to be "cwsys" via SMTP by localhost.cwsent.com, id smtpdv17273; Tue Oct 5 06:48:57 1999 X-Mailer: exmh version 2.0.2 2/24/98 Reply-To: Cy Schubert - ITSD Open Systems Group From: Cy Schubert - ITSD Open Systems Group X-OS: FreeBSD 3.3-RELEASE X-Sender: cy To: Mike Nowlin Cc: Hank Leininger , freebsd-security@FreeBSD.ORG Subject: Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] In-reply-to: Your message of "Tue, 05 Oct 1999 02:52:27 EDT." Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Tue, 05 Oct 1999 06:48:57 -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message , Mike Now lin writes: > > > owned by root or the UID/EUID of the process. This is what Solar > > Designer's patches for Linux have done for some time now. It seems to > > break little (nothing, except POSIX? ;) and is quite effective. SolarD's > > Not sure if your comment SAID that it breaks POSIX or not, but in this day > and age of trying to come up with a standard that people can both believe > in and rely on, "breaking POSIX" isn't something that should be taken too > lightly. Although there's a lot of quirks and overall dumbness in POSIX, > the rules were meant for a reason. I don't claim to be a POSIX expert, > but if this did break one of the guidelines, it would be a shame to have > to come back in three or four years and say "Linux and FreeBSD? Well, > they're sort of POSIX-compliant, but they screwed it up by....." > > Maybe there's some other (better) way to solve this problem? Any justified deviations from POSIX should have a sysctl or login.conf knob and be documented or even produce a warning when an insecure POSIX feature is enabled. I think this way we can have our cake and eat it too. Regards, Phone: (250)387-8437 Cy Schubert Fax: (250)387-5766 Sun/DEC Team, UNIX Group Internet: Cy.Schubert@uumail.gov.bc.ca ITSD Cy.Schubert@gems8.gov.bc.ca Province of BC "e**(i*pi)+1=0" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message