From owner-freebsd-security  Mon Dec 21 17:14:55 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id RAA24413
          for freebsd-security-outgoing; Mon, 21 Dec 1998 17:14:55 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from aniwa.sky (p42-max7.wlg.ihug.co.nz [209.79.142.170])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA24399;
          Mon, 21 Dec 1998 17:14:38 -0800 (PST)
          (envelope-from andrew@squiz.co.nz)
Received: from localhost (andrew@localhost)
	by aniwa.sky (8.8.8/8.8.7) with ESMTP id NAA23983;
	Tue, 22 Dec 1998 13:43:23 +1300 (NZDT)
	(envelope-from andrew@squiz.co.nz)
Date: Tue, 22 Dec 1998 13:43:23 +1300 (NZDT)
From: Andrew McNaughton <andrew@squiz.co.nz>
X-Sender: andrew@aniwa.sky
Reply-To: andrew@squiz.co.nz
To: Eivind Eklund <eivind@yes.no>
cc: Cliff Skolnick <cliff@steam.com>, Matt Dillon <dillon@FreeBSD.ORG>,
        security@FreeBSD.ORG
Subject: Re: cvs commit: src/etc rc.conf
In-Reply-To: <19981222000242.H14124@follo.net>
Message-ID: <Pine.BSF.4.05.9812221337040.23019-100000@aniwa.sky>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Tue, 22 Dec 1998, Eivind Eklund wrote:

> On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
> > This sandbox stuff is starting to worry me :(
> > 
> > The more FreeBSD changes stock daemons used on many other UNIX systems the
> > harder it will be to respond to know bugs.  For denial of service attacks
> > often the sandbox will not help, if the daemon dumps core or becomes
> > unusable it doesn't matter what UID it was.
> > 
> > The sandbox changes a fundamental design of UNIX, and makes FreeBSD
> > "different" than other UNIX systems.  The difference in the short term may
> > be more security, but in the long term FreeBSD daemons could become
> > hopelessly out of sync with standard daemon distributions over time.  It's
> > one thing to change a few permissions and directory names, it's completely
> > different to start passing file descriptors (which is only mildly portable)
> > via a coprocess.
> 
> We track BIND from Vixie.  If we're going to do this sort of changes,
> we will at least attempt to get it integrated in the standard
> distribution.  There will not be any large-scale patches that make it
> difficult to track the standard distribution.

Yes there's a problem when things get too different from other unix
implementations, but this is a valuable extension to traditional unix.  

Is it possible to bring the other unixes along? Would it be possible to
present a standard interface spec designed to be implemented on other
platforms also?

Andrew McNaughton


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message