Date: Wed, 17 Sep 1997 13:42:15 -0700 From: Alan Batie <batie@agora.rdrop.com> To: hackers@FreeBSD.ORG Subject: Re: login classes Message-ID: <19970917134215.10062@agora.rdrop.com> In-Reply-To: <199709171931.MAA04286@hub.freebsd.org>; from owner-hackers-digest@FreeBSD.ORG on Wed, Sep 17, 1997 at 12:31:03PM -0700 References: <199709171931.MAA04286@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--ibTvN161/egqYuK8 Content-Type: text/plain; charset=us-ascii > From: "John S. Dyson" <toor@dyson.iquest.net> > Date: Wed, 17 Sep 1997 04:18:24 -0500 (EST) > Subject: Re: login classes > > I think that we should apply the philosophy of 'least surprise' to the > default config. Every system has a slightly different login-class > mechanism (if any.) I think that wide-open (or nearly so) would be > the 'least surprise.' Intelligent sysops, system administrators or > vertical product suppliers will each have different needs for default > limits. I think that the defaults should be 'intelligently high.' While I'm not sure I disagree with this, I think it's beside the point. When I first started running X/FreeBSD on my main desktop at work, I quickly ran into the login class limits and increased them. I have no problem with that. The problem is with all the bazillion daemons that don't know how to handle resetting resource limits when they change user id's --- and I'm not sure they should. Aside from the fact that one should always think long and hard before breaking backward compatibility and requiring lots of things to be ported to work properly, there's also the argument that one should minimize the amount of hacking one has to do on security related issues. Seeing the code in some of these daemons, I'd rather not complicate any further what they have to do to switch uid's or anything else relating to security. -- Alan Batie ______ It's not my fault! It's some guy batie@agora.rdrop.com \ / named "General Protection"! +1 503 452-0960 \ / --Ratbert PGP FP: DE 3C 29 17 C0 49 \/ 7A 27 40 A5 3C 37 4A DA 52 B9 It is my policy to avoid purchase of any products from companies which use unrequested email advertisements or telephone solicitation. --ibTvN161/egqYuK8 Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNCBApIv4wNua7QglAQFDvAP9HvGkfAK0nrtiJvreFv0Tp9dTwN+opT2P 0YvxEEZ8fqM3SMwUXdMRMV2vKRfKN2mci8JDTMxGhDurdQ9+6v6/9Zk9cwNYN3C2 LdOGuPB/CBQ0nr8HkTxeWXostb38XyfQ50xExlTZhRKp/pHDHcjvggLnxJLLpDOT JWqWjXyjOOg= =w4Zh -----END PGP SIGNATURE----- --ibTvN161/egqYuK8--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19970917134215.10062>