Date: Tue, 22 Dec 1998 00:02:42 +0100
From: Eivind Eklund <eivind@yes.no>
To: Cliff Skolnick <cliff@steam.com>
Cc: Matt Dillon <dillon@FreeBSD.ORG>, security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
Message-ID: <19981222000242.H14124@follo.net>
In-Reply-To: <000201be2d2c$0b94baa0$2020a8c0@icarus.internal.steam.com>; from Cliff Skolnick on Mon, Dec 21, 1998 at 01:51:20PM -0800
References: <19981221163532.G14124@follo.net> <000201be2d2c$0b94baa0$2020a8c0@icarus.internal.steam.com>

On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
> This sandbox stuff is starting to worry me :(
>
> The more FreeBSD changes stock daemons used on many other UNIX systems the
> harder it will be to respond to known bugs. For denial of service attacks
> often the sandbox will not help, if the daemon dumps core or becomes
> unusable it doesn't matter what UID it was.
>
> The sandbox changes a fundamental design of UNIX, and makes FreeBSD
> "different" than other UNIX systems. The difference in the short term may
> be more security, but in the long term FreeBSD daemons could become
> hopelessly out of sync with standard daemon distributions over time. It's
> one thing to change a few permissions and directory names, it's completely
> different to start passing file descriptors (which is only mildly portable)
> via a coprocess.

We track BIND from Vixie. If we're going to do this sort of change, we
will at least attempt to get it integrated in the standard distribution.
There will not be any large-scale patches that make it difficult to track
the standard distribution.

Eivind.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message