From owner-freebsd-security Fri Jul 9 10: 0:21 1999 Delivered-To: freebsd-security@freebsd.org Received: from rover.village.org (rover.village.org [204.144.255.49]) by hub.freebsd.org (Postfix) with ESMTP id EAB2B15645 for ; Fri, 9 Jul 1999 10:00:16 -0700 (PDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (harmony.village.org [10.0.0.6]) by rover.village.org (8.9.3/8.9.3) with ESMTP id LAA05212; Fri, 9 Jul 1999 11:00:17 -0600 (MDT) (envelope-from imp@harmony.village.org) Received: from harmony.village.org (localhost.village.org [127.0.0.1]) by harmony.village.org (8.9.3/8.8.3) with ESMTP id KAA20551; Fri, 9 Jul 1999 10:58:08 -0600 (MDT) Message-Id: <199907091658.KAA20551@harmony.village.org> To: Dag-Erling Smorgrav Subject: Re: suid/guid Cc: Gustavo V G C Rios , security@FreeBSD.ORG, bos-owner-br@sekure.org In-reply-to: Your message of "09 Jul 1999 18:55:12 +0200." References: <3784D440.1075EFB3@tdnet.com.br> <199907091622.KAA20280@harmony.village.org> Date: Fri, 09 Jul 1999 10:58:08 -0600 From: Warner Losh Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org In message Dag-Erling Smorgrav writes: : I think it would be an excellent idea... it would also make sense to : document how the program will behave if it is not s[ug]id and how much : of the functionality will be lost. Agreed. I'm also starting to think that a system-wide tunable that would turn off almost all of the set[ug]id installation. Almost nobody needs setuidperl, for example. If df is installed w/o setgid operator, almost no functionality is lost. etc. Of course exatly what would be lost would be documented. Comments? Warner P.S. This is more of a failsafe option. As far as I know there are no bugs that will result in an elevated level of privs in the set*id programs. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message