Date:      Thu, 27 Jul 2000 11:14:55 -0400 (EDT)
From:      Robert Watson <rwatson@freebsd.org>
To:        "Jacques A. Vidrine" <n@nectar.com>
Cc:        John Polstra <jdp@polstra.com>, arch@freebsd.org
Subject:   Re: How much security should ldconfig enforce?
Message-ID:  <Pine.NEB.3.96L.1000727111119.93015D-100000@fledge.watson.org>
In-Reply-To: <20000727075027.C8974@hamlet.nectar.com>

On Thu, 27 Jul 2000, Jacques A. Vidrine wrote:

> On Wed, Jul 26, 2000 at 07:36:13PM -0700, John Polstra wrote:
> > 3. It could default to strictly secure but accept a command-line
> > option to relax the constraints.  And an rc.conf knob could be added
> > to control whether or not it was strict at boot time.
> 
> I like this option, but the knob should be compile-time, IMHO.

I would support either the "revert" or (3) option, but definitely not
support this being a compile-time flag.  I should not have to recompile
the operating system to allow our netsec group to have a /netsec/lib with
different maintainers for different operating systems.  Especially in NFS
environments, placing requirements on permissions and ownership for
directories is a very poor idea.  In general, the UNIX mechanism has been
to implement tools, but not policies, for which we already have quite a
sufficient discretionary access control mechanism.  In general, we don't
check permissions on the /etc directory, we assume that it is set
correctly during the install, and that if the user wants to change it,
that is their prerogative.  The same goes for group files, etc.  In the
future, once we have a mandatory access control policy, integrity
protection can be used to protect users from shared libraries of low
integrity.

So my preference here is: permissions and ownership in the base install
are fine.  The default compile (and preferably install) should allow users
to include group-writable shared library paths, if not world-writable
paths.  Consider our adduser implementation: each user is in their own
group anyway :-).

  Robert N M Watson 

robert@fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services