Date: Fri, 17 Apr 1998 01:02:22 +0200 (CEST) From: Mikael Karpberg <karpen@ocean.campus.luth.se> To: tsprad@set.spradley.tmi.net (Ted Spradley) Cc: stable@FreeBSD.ORG, freebsd-security@FreeBSD.ORG Subject: Re: kernel permissions Message-ID: <199804162302.BAA15315@ocean.campus.luth.se> In-Reply-To: <E0yPx1m-0005qz-00@set.spradley.tmi.net> from Ted Spradley at "Apr 16, 98 05:21:06 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
According to Ted Spradley: > > Excuse me? What are they (users) going to do with kernel name list > > besides attempting to hack your machine? > > No, you've missed Mr. Tweten's point. You don't get to ask. *You* have > to prove that there's *nothing* else they could get from reading the > kernel. > > Furthermore, it's not obvious to me what they could get from reading it > that would allow them to "hack your machine". > > > They can't really use it anyway. > > It would be a nuisance to me if I had to su root to do the "strings > /kernel | grep '^___' " thing. You don't have to, just chmod it once. Quite frankly, why don't you all spend your energys doing something sane instead of going on and on about this? And I have to agree with Dima, the more secure the better. Wanna hear a reall good argument? It's easy to forget to frob all the 1000 small knobs that "you can frob on YOUR machine if you want it secure". It's however quite easy to remember to chmod it when you or one of your users gets annoyed at not being able to read it. It annoys you the first time, but you su, chmod, and exit. Nothing more to it. You simply will not forget to, because it will not let you. I definitely don't mind a change that doesn't affect any programs negatively, if it has a chance of making the system at least a bit more secure. /Mikael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199804162302.BAA15315>