Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 05 Oct 1999 06:48:57 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        Mike Nowlin <mike@argos.org>
Cc:        Hank Leininger <hlein@progressive-comp.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] 
Message-ID:  <199910051349.GAA17277@cwsys.cwsent.com>
In-Reply-To: Your message of "Tue, 05 Oct 1999 02:52:27 EDT." <Pine.LNX.4.05.9910050245560.30830-100000@jason.argos.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <Pine.LNX.4.05.9910050245560.30830-100000@jason.argos.org>, 
Mike Now
lin writes:
> 
> > owned by root or the UID/EUID of the process.  This is what Solar
> > Designer's patches for Linux have done for some time now.  It seems to
> > break little (nothing, except POSIX? ;) and is quite effective.  SolarD's
> 
> Not sure if your comment SAID that it breaks POSIX or not, but in this day
> and age of trying to come up with a standard that people can both believe
> in and rely on, "breaking POSIX" isn't something that should be taken too
> lightly.  Although there's a lot of quirks and overall dumbness in POSIX,
> the rules were meant for a reason.  I don't claim to be a POSIX expert,
> but if this did break one of the guidelines, it would be a shame to have
> to come back in three or four years and say "Linux and FreeBSD?  Well,
> they're sort of POSIX-compliant, but they screwed it up by....."  
> 
> Maybe there's some other (better) way to solve this problem?

Any justified deviations from POSIX should have a sysctl or login.conf 
knob and be documented or even produce a warning when an insecure POSIX 
feature is enabled.  I think this way we can have our cake and eat it 
too.


Regards,                       Phone:  (250)387-8437
Cy Schubert                      Fax:  (250)387-5766
Sun/DEC Team, UNIX Group    Internet:  Cy.Schubert@uumail.gov.bc.ca
ITSD                                   Cy.Schubert@gems8.gov.bc.ca
Province of BC
                      "e**(i*pi)+1=0"





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199910051349.GAA17277>