Date: Fri, 11 Aug 2000 21:45:47 +0200 (SAT)
From: John Hay <jhay@icomtek.co.za>
To: imp@village.org (Warner Losh)
Cc: jhay@icomtek.co.za (John Hay), mark@grondar.za (Mark Murray), chris@netmonger.net (Christopher Masto), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID: <200008111945.e7BJjlj58635@zibbi.mikom.csir.co.za>
In-Reply-To: <200008111913.NAA36613@harmony.village.org> from Warner Losh at "Aug 11, 2000 01:13:59 pm"

> In message <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za> John Hay writes:
> : If we really want to be this paranoid, we should think about removing
> : all other suid programs from a standard build too.
>
> Which ones?

Well I would say anything not essential to allow the administrator to
log in the first time. Then he can add/enable the programs he wants. :-)

>
> The current list that I have shows many, relatively small ones that
> have been well audited and are easy to audit. Perl isn't easy to
> audit, is huge and has the ability to load arbitrary code (iirc).

I understand this, but the point that I was trying to make is that
FreeBSD installations are supposed to get easier and not more difficult.
To require that you have to get the FreeBSD source just to get a part of
it, is wrong. Then we should rather make it a port/package so that
someone doing a binary installation can just pkg_add it if they want it.

> I do like the idea of installing it mode 0, but worry about hozing
> existing people. But it would be a failsafe way to hoze them rather
> than the fail unsafe way we might hose them now.

Well with the current way, someone just doing source upgrades is going
to sit with an ever getting older suidperl. :-)

John
--
John Hay -- John.Hay@icomtek.csir.co.za