Date:      Mon, 16 Nov 1998 10:56:24 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Marc Slemko <marcs@znep.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure? 
Message-ID:  <199811161856.KAA21617@apollo.backplane.com>
References:   <Pine.BSF.4.05.9811160946180.12077-100000@alive.znep.com>

:
:It is easy to say that things don't have to run as root, but for many of
:them that just isn't true without losing functionality.
:
:If sendmail doesn't run as root, you can't deliver user mail to programs.

    What, that's it?  That's the only thing holding back being able to 
    move sendmail out of root?

:If lpd doesn't run as root, it can't read non-world-readable files printed
:with -s.
:
:etc.  Every few months we go through this.  Sure, some programs can be
:fixed.  But it isn't as easy as magically saying "I don't think this
:program should need root".

    Nobody is saying that a program magically doesn't need root, but you
    seem to be saying "Gee, there's this one option and I am not even going
    to consider fixing it so we can get rid of root permission on this program,
    instead I'm going to use the option as an excuse to not remove root
    perms from this program".

    I'll tell you something, for a default configuration I would much rather
    remove the -s option (have it print out '-s cannot be used when lpd is
    running in secure mode') than allow lpd to run as root.  I remember using
    -s 15 years ago.  I stopped having to use it around 7 years.  I really
    doubt all that many people need it any more especially with all the 
    file conversion that has to be done in most of today's printer configs.

    There shouldn't even be a discussion here.  It should simply be fixed.

						-Matt

    Matthew Dillon  Engineering, HiWay Technologies, Inc. & BEST Internet 
                    Communications & God knows what else.
    <dillon@backplane.com> (Please include original email in any response)    
