Date: Sun, 27 Jul 2003 14:36:00 +0200
From: Socketd
To: hawkeyd@visi.com, freebsd-security@freebsd.org
Subject: Re: suid bit files + securing FreeBSD (new program: LockDown)
Message-Id: <20030727143600.1517c588.db@traceroute.dk>
In-Reply-To: <20030727112933.GA6135@sheol.localdomain>

On Sun, 27 Jul 2003 06:29:33 -0500 D J Hawkey Jr wrote:

> This looks like a good idea, to me.

Great :-)

> Your plan is to incorporate this into/for rc.conf, and your program
> would be run at boot?

It is meant to be installed from the port collection and then executed once, but you can of course run it as many times as you want (but if you haven't changed the system since the last time you ran it, this makes no sense).

> What language do you think you'll use (hopefully,
> something supported by the base OS, e.g., not ruby, modula, or perl)?

I use C++

br
db