Date: Mon, 16 Nov 1998 12:59:09 +0100 From: Andre Albsmeier <andre.albsmeier@mchp.siemens.de> To: Matthew Dillon <dillon@apollo.backplane.com>, Warner Losh <imp@village.org> Cc: Andre Albsmeier <andre.albsmeier@mchp.siemens.de>, freebsd-security@FreeBSD.ORG Subject: Re: Would this make FreeBSD more secure? Message-ID: <19981116125909.A28486@internal> In-Reply-To: <199811161055.CAA18393@apollo.backplane.com>; from Matthew Dillon on Mon, Nov 16, 1998 at 02:55:14AM -0800 References: <19981116072937.E969@internal> <19981115192224.A29686@internal> <19981115161548.A23869@internal> <199811151758.JAA15108@apollo.backplane.com> <19981115192224.A29686@internal> <199811152210.PAA01604@harmony.village.org> <199811160658.XAA01912 <
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Nov 16, 1998 at 02:55:14AM -0800, Matthew Dillon wrote: > > : > :This would plug some potential holes in a small number of > :applications. I'm not sure that it is worth it on the effort/return > :front. I can think of only a few programs that might benefit from > :this, and a similar benefit could likely be had with a PAM module that > :talked to a password server which did all the right things. However, > :that too add complexity, which makes it harder to secure things.... > : > :Warner > > There are only a limited number of programs that run as root or are > suid root. Being able to plug even half a dozen of them by removing > their root privilages would be a major win. That is exactly my opinion. I think a program should run with the minimum privileges it really needs to and not more. -Andre To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19981116125909.A28486>