From owner-freebsd-bugs  Tue May 16 02:46:45 1995
Return-Path: bugs-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id CAA04864
          for bugs-outgoing; Tue, 16 May 1995 02:46:45 -0700
Received: from relay.philips.nl (relay.philips.nl [130.144.65.1])
          by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id CAA04858
          for <freebsd-bugs@FreeBSD.org>; Tue, 16 May 1995 02:46:43 -0700
Received: from cnps.lss.cp.philips.com ([130.144.198.1]) by relay.philips.nl (8.6.9/8.6.9-950414) with SMTP id LAA21345; Tue, 16 May 1995 11:43:52 +0200
Received: from kitty.lss.cp.philips.com by cnps.lss.cp.philips.com with smtp
	(Smail3.1.28.1 #1) id m0sBKG7-0000ivC; Tue, 16 May 95 11:53 MET
Received: by kitty.lss.cp.philips.com (Smail3.1.28.1 #1)
	id m0sBJ8d-00020fC; Tue, 16 May 95 11:42 MET DST
Message-Id: <m0sBJ8d-00020fC@kitty.lss.cp.philips.com>
From: guido@kitty.lss.cp.philips.com (Guido van Rooij)
Subject: Re: misc/423: security of sound devices
To: bde@zeta.org.au (Bruce Evans)
Date: Tue, 16 May 1995 11:42:03 +0200 (MET DST)
Cc: pst@Shockwave.COM, wpaul@skynet.ctr.columbia.edu, freebsd-bugs@FreeBSD.org
In-Reply-To: <199505160633.QAA24269@godzilla.zeta.org.au> from "Bruce Evans" at May 16, 95 04:33:04 pm
Reply-To: Guido.vanRooij@nl.cis.philips.com (Guido van Rooij)
X-Mailer: ELM [version 2.4 PL21]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 911       
Sender: bugs-owner@FreeBSD.org
Precedence: bulk

> 
> We have /usr/src/etc/fbtab but it doesn't have enough devices, all
> devices are commented out, and it doesn't get installed.
> 

That's because I gave up after moving the thing around, first from
usr/src/etc to usr/src/share/examples and then back again...:-((

> >If you look at /usr/src/usr.bin/login/login_fbtab.c you'll see the
> >comments that describe what's supposed to happen. Those comments
> >should probably be made into a man page, and a default /etc/fbtab
> 
> We have fbtab.5 and it even gets installed :-).
> 

Yes!

> >file should probably be added to the distribution so people will
> >have some idea that this feature exists.
> 
> The distribution should be as secure as possible by default.  What
> goes wrong if /etc/fbtab is too restrictive?  What is the equivalent
> of `mesg y'?

I agree with that, though an ordinary user should not be hindered by
too restrictive fbtab's.

-Guido