From owner-freebsd-hackers Wed Oct 6 11:36:52 1999
Date: Thu, 7 Oct 1999 07:34:35 +1300
From: Joe Abley
To: "Daniel C. Sobral"
Cc: Conrad Minshall, FreeBSD Hackers
Subject: Re: Apple's planned appoach to permissions on movable filesystems
Message-ID: <19991007073435.A20998@patho.gen.nz>
References: <199910052119.OAA24627@scv1.apple.com> <37FB5A53.3E016EFA@newsguy.com>
In-Reply-To: <37FB5A53.3E016EFA@newsguy.com>; from Daniel C. Sobral on Wed, Oct 06, 1999 at 11:18:59PM +0900

On Wed, Oct 06, 1999 at 11:18:59PM +0900, Daniel C. Sobral wrote:
> One would better assume that files available over NFS will be read
> by anyone who wants, and, likewise, that files available on
> removable media will be read by anyone who wants. That side of the
> problem does not belong to this discussion.
>
> [...]
>
> The question here is how to minimize the cost/benefit ratio of
> letting users mount external file systems on their own. At the very
> least, the system must never trust that data. Ergo, no suid/sgid.

Show me a disk that's _not_ removable. By your logic we would have
_no_ suid/sgid binaries _ever._

Physical access to a machine is always a security risk. Why would
you treat easily-removable media any differently to
slightly-harder-to-remove media? You still need to break into the
vault to remove them.

Joe