Date: Thu, 27 Jul 2000 15:48:05 +0200 From: Neil Blakey-Milner <nbm@mithrandr.moria.org> To: "Jacques A. Vidrine" <n@nectar.com> Cc: John Polstra <jdp@polstra.com>, arch@freebsd.org Subject: Re: How much security should ldconfig enforce? Message-ID: <20000727154804.A47282@mithrandr.moria.org> In-Reply-To: <20000727083920.A9036@hamlet.nectar.com>; from n@nectar.com on Thu, Jul 27, 2000 at 08:39:20AM -0500 References: <XFMail.000726193613.jdp@polstra.com> <20000727075027.C8974@hamlet.nectar.com> <20000727145247.A46416@mithrandr.moria.org> <20000727083920.A9036@hamlet.nectar.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu 2000-07-27 (08:39), Jacques A. Vidrine wrote: > > You expect someone to check out sources and recompile the program to > > make it secure when you can instead use a command line option? > > No, I expect by default that it be built in secure mode. > > I expect that if someone wants to shoot herself in the foot, she can > twiddle make.conf and rebuild from source to disable this option. I don't think we should make policy decisions that require people to go off and bend over backwards to do something that isn't necessarily insecure. Otherwise, people will do horrible things with sudo and start giving out passwords, since that'll be easier than escaping our policy. If it's an option, then when that person uses the option, they know what they're doing. The extra 54 bytes is not going to be missed by anyone. While we're providing a safety net by overriding root's ability to do stupid things, we're also blatantly overriding root's ability to do what we consider to be stupid things but which aren't necessarily stupid things. Neil -- Neil Blakey-Milner Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000727154804.A47282>