Date: Fri, 09 Jul 1999 10:58:08 -0600
From: Warner Losh <imp@village.org>
To: Dag-Erling Smorgrav <des@flood.ping.uio.no>
Cc: Gustavo V G C Rios <kernel@tdnet.com.br>, security@FreeBSD.ORG, bos-owner-br@sekure.org
Subject: Re: suid/guid
Message-ID: <199907091658.KAA20551@harmony.village.org>
In-Reply-To: Your message of "09 Jul 1999 18:55:12 +0200." <xzpso6xrcen.fsf@flood.ping.uio.no>
References: <xzpso6xrcen.fsf@flood.ping.uio.no> <3784D440.1075EFB3@tdnet.com.br> <199907091622.KAA20280@harmony.village.org>

In message <xzpso6xrcen.fsf@flood.ping.uio.no> Dag-Erling Smorgrav writes:
: I think it would be an excellent idea... it would also make sense to
: document how the program will behave if it is not s[ug]id and how much
: of the functionality will be lost.

Agreed. I'm also starting to think about a system-wide tunable that
would turn off almost all of the set[ug]id installation. Almost
nobody needs setuidperl, for example. If df is installed w/o setgid
operator, almost no functionality is lost. etc. Of course exactly
what would be lost would be documented.

Comments?

Warner

P.S. This is more of a failsafe option. As far as I know there are
no bugs that will result in an elevated level of privs in the set*id
programs.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message