From owner-cvs-all Wed Apr 25 13: 3:44 2001 Delivered-To: cvs-all@freebsd.org Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id 597C937B422; Wed, 25 Apr 2001 13:03:40 -0700 (PDT) (envelope-from robert@fledge.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.11.3/8.11.3) with SMTP id f3PK3uf40705; Wed, 25 Apr 2001 16:03:56 -0400 (EDT) (envelope-from robert@fledge.watson.org) Date: Wed, 25 Apr 2001 16:03:56 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org To: Warner Losh Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/conf Makefile.alpha Makefile.i386 Makefile.ia64 Makefile.pc98 In-Reply-To: <200104252000.f3PK04826409@harmony.village.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 25 Apr 2001, Warner Losh wrote: > In message Robert Watson writes: > : Better yet, disable the setting of flags. :-) > > I'd love to do that. Would people support me? It seems to come up every now and then. Frankly, I'd like to see them disabled by default, as they break install onto a variety of non-FFS file systems, in jail(), and cause a lot of POLA. And they offer no real benefit in the default install (arguably you might be able to configure securelevels to do what they claim, but it will require a lot more thank sprinkling noschg on a few kernel modules). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message