Date:      Tue, 22 Dec 1998 13:43:23 +1300 (NZDT)
From:      Andrew McNaughton <andrew@squiz.co.nz>
To:        Eivind Eklund <eivind@yes.no>
Cc:        Cliff Skolnick <cliff@steam.com>, Matt Dillon <dillon@FreeBSD.ORG>, security@FreeBSD.ORG
Subject:   Re: cvs commit: src/etc rc.conf
Message-ID:  <Pine.BSF.4.05.9812221337040.23019-100000@aniwa.sky>
In-Reply-To: <19981222000242.H14124@follo.net>

On Tue, 22 Dec 1998, Eivind Eklund wrote:

> On Mon, Dec 21, 1998 at 01:51:20PM -0800, Cliff Skolnick wrote:
> > This sandbox stuff is starting to worry me :(
> > 
> > The more FreeBSD changes stock daemons used on many other UNIX systems the
> > harder it will be to respond to known bugs.  For denial of service attacks
> > often the sandbox will not help, if the daemon dumps core or becomes
> > unusable it doesn't matter what UID it was.
> > 
> > The sandbox changes a fundamental design of UNIX, and makes FreeBSD
> > "different" than other UNIX systems.  The difference in the short term may
> > be more security, but in the long term FreeBSD daemons could become
> > hopelessly out of sync with standard daemon distributions over time.  It's
> > one thing to change a few permissions and directory names, it's completely
> > different to start passing file descriptors (which is only mildly portable)
> > via a coprocess.
> 
> We track BIND from Vixie.  If we're going to do this sort of change,
> we will at least attempt to get it integrated in the standard
> distribution.  There will not be any large-scale patches that make it
> difficult to track the standard distribution.

Yes there's a problem when things get too different from other unix
implementations, but this is a valuable extension to traditional unix.  

Is it possible to bring the other unixes along? Would it be possible to
present a standard interface spec designed to be implemented on other
platforms also?

Andrew McNaughton

