Date:      Fri, 11 Aug 2000 21:45:47 +0200 (SAT)
From:      John Hay <jhay@icomtek.co.za>
To:        imp@village.org (Warner Losh)
Cc:        jhay@icomtek.co.za (John Hay), mark@grondar.za (Mark Murray), chris@netmonger.net (Christopher Masto), cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/gnu/usr.bin/perl Makefile
Message-ID:  <200008111945.e7BJjlj58635@zibbi.mikom.csir.co.za>
In-Reply-To: <200008111913.NAA36613@harmony.village.org> from Warner Losh at "Aug 11, 2000 01:13:59 pm"

> In message <200008111909.e7BJ9cU57765@zibbi.mikom.csir.co.za> John Hay writes:
> : If we really want to be this paranoid, we should think about removing
> : all other suid programs from a standard build too.
> 
> Which ones?

Well, I would say anything not essential to allow the administrator to
log in the first time. Then he can add/enable the programs he wants. :-)
> 
> The current list that I have shows many, relatively small ones that
> have been well audited and are easy to audit.  Perl isn't easy to
> audit, is huge and has the ability to load arbitrary code (iirc).

I understand this, but the point that I was trying to make is that
FreeBSD installations are supposed to get easier and not more difficult.
To require that you have to get the FreeBSD source just to get a part
of it, is wrong. Then we should rather make it a port/package so that
someone doing a binary installation can just pkg_add it if they want it.

> I do like the idea of installing it mode 0, but worry about hosing
> existing people.  But it would be a failsafe way to hose them rather
> than the fail unsafe way we might hose them now.

Well with the current way, someone just doing source upgrades is going
to sit with an ever getting older suidperl. :-)

John
-- 
John Hay -- John.Hay@icomtek.csir.co.za

