Date: Wed, 25 Apr 2001 13:07:59 -0700 From: Kris Kennaway <kris@obsecurity.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: Warner Losh <imp@harmony.village.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/sys/conf Makefile.alpha Makefile.i386 Makefile.ia64 Makefile.pc98 Message-ID: <20010425130758.A79694@xor.obsecurity.org> In-Reply-To: <Pine.NEB.3.96L.1010425160211.40560A-100000@fledge.watson.org>; from rwatson@FreeBSD.org on Wed, Apr 25, 2001 at 04:03:56PM -0400 References: <200104252000.f3PK04826409@harmony.village.org> <Pine.NEB.3.96L.1010425160211.40560A-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--u3/rZRmxL6MmkK24 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Apr 25, 2001 at 04:03:56PM -0400, Robert Watson wrote: > On Wed, 25 Apr 2001, Warner Losh wrote: >=20 > > In message <Pine.NEB.3.96L.1010425101646.34527A-100000@fledge.watson.or= g> Robert Watson writes: > > : Better yet, disable the setting of flags. :-) > >=20 > > I'd love to do that. Would people support me?=20 >=20 > It seems to come up every now and then. Frankly, I'd like to see them > disabled by default, as they break install onto a variety of non-FFS file > systems, in jail(), and cause a lot of POLA. And they offer no real > benefit in the default install (arguably you might be able to configure > securelevels to do what they claim, but it will require a lot more thank > sprinkling noschg on a few kernel modules).=20 Well, I've been saved from a trashed system more than once by the schg flag on libc..the only real benefit they have is as an anti-foot-shooting device, but they do pretty well at that. Kris --u3/rZRmxL6MmkK24 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65y6eWry0BWjoQKURAjGRAKCqKdaT5vRNX+99BxbvLsp2kWeMbwCg7oaJ U+IZKTaVm8KZoZqK5pSnmts= =KXuQ -----END PGP SIGNATURE----- --u3/rZRmxL6MmkK24-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010425130758.A79694>