From owner-freebsd-current Fri Nov 15 4:27:20 2002 Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E05837B401 for ; Fri, 15 Nov 2002 04:27:18 -0800 (PST) Received: from obsecurity.dyndns.org (adsl-63-207-60-146.dsl.lsan03.pacbell.net [63.207.60.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BFBD43E3B for ; Fri, 15 Nov 2002 04:27:12 -0800 (PST) (envelope-from kris@obsecurity.org) Received: from rot13.obsecurity.org (rot13.obsecurity.org [10.0.0.5]) by obsecurity.dyndns.org (Postfix) with ESMTP id E597B66D9C; Fri, 15 Nov 2002 04:27:11 -0800 (PST) Received: by rot13.obsecurity.org (Postfix, from userid 1000) id E7DDC1250; Fri, 15 Nov 2002 04:29:50 -0800 (PST) Date: Fri, 15 Nov 2002 04:29:50 -0800 From: Kris Kennaway To: Soeren Schmidt Cc: Sheldon Hearn , freebsd-current@FreeBSD.ORG Subject: Re: /dev/acd*t* no longer available in -current? Message-ID: <20021115122950.GA16194@rot13.obsecurity.org> References: <20021115084430.GI76728@starjuice.net> <200211150848.gAF8muEU060773@spider.deepcore.dk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="wRRV7LY7NUeQGEoC" Content-Disposition: inline In-Reply-To: <200211150848.gAF8muEU060773@spider.deepcore.dk> User-Agent: Mutt/1.4i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --wRRV7LY7NUeQGEoC Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Nov 15, 2002 at 09:48:56AM +0100, Soeren Schmidt wrote: > It seems Sheldon Hearn wrote: > > On (2002/11/14 19:27), Soeren Schmidt wrote: > >=20 > > > > - insecure permissions. Among other holes, these allowed the world= to > > > > erase cd-rw's. > > >=20 > > > Use rc.devfs for that as it was intended. > >=20 > > Don't you think it makes more sense for the kernel to start off with > > more restrictive permissions, and have the administrator determine > > whether more restrictive permissions are appropriate? >=20 > Actually no I dont. > The security aware admin will know (or should that be "should know" :) ) > what to do to make a system secure. That's a particularly uncompelling argument. Kris --wRRV7LY7NUeQGEoC Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE91Oi9Wry0BWjoQKURAoqkAKDEZZvxpE/YIGr6KIQrndtzYXX0egCgu3M1 RMbPMuqX1es4JN+AQ2Fz2Kw= =VI5j -----END PGP SIGNATURE----- --wRRV7LY7NUeQGEoC-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message