From owner-freebsd-arch  Mon Nov 29 19:54:28 1999
Delivered-To: freebsd-arch@freebsd.org
Received: from ns1.yes.no (ns1.yes.no [195.204.136.10])
	by hub.freebsd.org (Postfix) with ESMTP id 9A08515719
	for <freebsd-arch@freebsd.org>; Mon, 29 Nov 1999 19:54:22 -0800 (PST)
	(envelope-from eivind@bitbox.follo.net)
Received: from bitbox.follo.net (bitbox.follo.net [195.204.143.218])
	by ns1.yes.no (8.9.3/8.9.3) with ESMTP id EAA27513
	for <freebsd-arch@freebsd.org>; Tue, 30 Nov 1999 04:54:22 +0100 (CET)
Received: (from eivind@localhost)
	by bitbox.follo.net (8.8.8/8.8.6) id EAA68294
	for freebsd-arch@freebsd.org; Tue, 30 Nov 1999 04:54:21 +0100 (MET)
Received: by hub.freebsd.org (Postfix, from userid 758)
	id CA72B1578E; Mon, 29 Nov 1999 19:53:09 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by hub.freebsd.org (Postfix) with ESMTP
	id BDDB61CD736; Mon, 29 Nov 1999 19:53:09 -0800 (PST)
	(envelope-from kris@hub.freebsd.org)
Date: Mon, 29 Nov 1999 19:53:09 -0800 (PST)
From: Kris Kennaway <kris@hub.freebsd.org>
To: "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
Cc: Matthew Dillon <dillon@apollo.backplane.com>,
	Dan Moschuk <dan@freebsd.org>, arch@freebsd.org, audit@freebsd.org
Subject: Re: cvs commit: src/sys/i386/conf files.i386 src/sys/kern kern_fork.c
 src/sys/libkern arc4random.c src/sys/sys libkern.h 
In-Reply-To: <88174.943927150@zippy.cdrom.com>
Message-ID: <Pine.BSF.4.21.9911291950390.65191-100000@hub.freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-arch@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, 29 Nov 1999, Jordan K. Hubbard wrote:

> That's highly arguable.  We provide secure levels, for example, but if
> we turned them on to any appreciable degree then people's X servers
> wouldn't work because we have no aperture driver.  Would it be correct
> in the general case?  Yes.  Would it be correct for workstation users?
> No.  Such is also the case in numerous other situations and it really
> is a question of providing mechanisms which people can use selectively,
> not just in providing the best "out of box" security defaults.

This would fall under my preferred policy, which you didn't quote, namely
"turn on everything which doesn't have a negative impact, and providing
an easy mechanism to enable everything else". Preventing X from running is
something many (though not all :) people would consider negative :-)

Kris





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message