Date: Fri, 15 Nov 2002 11:13:13 +0200 From: Sheldon Hearn <sheldonh@starjuice.net> To: Soeren Schmidt <sos@spider.deepcore.dk> Cc: freebsd-current@FreeBSD.ORG Subject: Re: /dev/acd*t* no longer available in -current? Message-ID: <20021115091313.GK76728@starjuice.net> In-Reply-To: <200211150848.gAF8muEU060773@spider.deepcore.dk> References: <20021115084430.GI76728@starjuice.net> <200211150848.gAF8muEU060773@spider.deepcore.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On (2002/11/15 09:48), Soeren Schmidt wrote: > > Don't you think it makes more sense for the kernel to start off with > > more restrictive permissions, and have the administrator determine > > whether more restrictive permissions are appropriate? > > Actually no I dont. > The security aware admin will know (or should that be "should know" :) ) > what to do to make a system secure. > The avarage user that uses FreeBSD dont, and will get confused if the CDROM > device doesn't appear to work (ie writeprotected). Well I think this goes against the grain of much of the work that's happened recently. Look at how sysinstall now defaults to installing an inetd.conf with no services enabled. Look at how sshd doesn't allow root login or empty passwords by default. Look at how IPFW defaults to deny all. Look at how the floppy drive is inaccessible to anyone but root by default. And so on and so forth. Ciao, Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20021115091313.GK76728>