Date: Thu, 16 Apr 1998 10:13:30 +0200 From: Philippe Regnauld <regnauld@deepo.prosa.dk> To: dima@best.net Cc: freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <19980416101330.18307@deepo.prosa.dk> In-Reply-To: <199804160511.WAA03453@burka.rdy.com>; from Dima Ruban on Wed, Apr 15, 1998 at 10:11:28PM -0700 References: <E0yPgmY-0004v7-00@set.spradley.tmi.net> <199804160511.WAA03453@burka.rdy.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[Cc: trimmed to a politically correct size]
Dima Ruban writes:
[...]
> Okay. Here's an example. Ever hear of a commertially available drivers?
> When you install such stuff, you don't want somebody to be able to read
> them, or have a copy of kernel with them. Why? Because you did pay for them
> and whoever wants to have an access - didnt.
Commercially available drivers are shiiped in object format.
There's very little chance it's exploitable straight out of the
kernel -- nothing like the sources to said driver.
> Normal users *do not need* to have an read acces to the kernel.
> They simply don't.
I just remember the same discussion, oh about two years
ago, and IIRC, the general idea (from core) was that
it was unnecessary to remove read/exec bits on a file
without a strong motivation -- the reason being,
as mentioned earlier, that "we were not your average
commercial UNIX entity" and didn't share the "Pentagon"
approach.
BUT, things may have changed in the meantime:
1) The Jerk/Hacker ratio has unfortunately increased these
last years
2) FreeBSD is increasingly known as an ISP platform
("reliability, security, efficiency", pick _three_) --
Thus, removing the read bits on the kernel MIGHT make
sense for the out-of-the-box configuration that
Mr.ISP will be using, if for some God-obscure reason
he wishes to have shell accounts on his machine.
Then again, we are (hopefully) all grown up enough
to make our own security policy, _including_ writing
shell scripts that once-and-for-all do the appropriate
changes on *our* system.
<CHEAP STAB>
I also remember an argument being, "Ah, we don't want to
start doing like the Linux people who set everything they
can to 440"
</CHEAP STAB>
:-)
> Do you need any other examples?
Yes:
Preventing things in the eventual (unproven) fear that
they could be exploited in some way (not necessarily
security) is, IMHO, "change for the sake of change".
If you can prove me wrong regarding the "commercially available"
driver mentioned above, I'll shut up :-)
> What's the deal with arguing on such a simply issue?
Oh, BSD conservatism, cast-in-stone code, superstition
and old grumpy hackers ?
--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
«Pluto placed his bad dog at the entrance of Hades to keep the dead
IN and the living OUT! The archetypical corporate firewall?»
- S. Kelly Bootle, ("MYTHOLOGY", in Marutukku distrib)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19980416101330.18307>