Date: Wed, 06 Oct 1999 23:18:59 +0900
From: "Daniel C. Sobral" <dcs@newsguy.com>
To: Conrad Minshall <conrad@apple.com>
Cc: FreeBSD Hackers <FreeBSD-Hackers@FreeBSD.ORG>
Subject: Re: Apple's planned appoach to permissions on movable filesystems
Message-ID: <37FB5A53.3E016EFA@newsguy.com>
References: <199910052119.OAA24627@scv1.apple.com> <l03130303b420f0176999@[17.202.43.185]>

Conrad Minshall wrote:
>
> At 4:20 AM -0700 10/6/99, Daniel C. Sobral wrote:
>
> >It is no worse than uid/gid problems with NFS.
>
> Umm, what is this, FreeBSD-Humor?  Thanks for the laugh, and remember, it's
> just a nasty old rumor that NFS stands for "No File Security" :-/

This is no joke. When you make a fs "directly" available, there is
only one way of providing security: encryption. Otherwise, I have to
rely on ensuring the safety of the media, which can be a very
difficult proposition. One would better assume that files available
over NFS will be read by anyone who wants, and, likewise, that files
available on removable media will be read by anyone who wants. That
side of the problem does not belong to this discussion.

The question here is how to minimize the cost/benefit ratio of
letting users mount external file systems on their own. At the very
least, the system must never trust that data. Ergo, no suid/sgid. If
you rely on users not having any binaries they want on the system as
a form of security, and even _think_ of providing user-mountable
external media, I must laugh on your face.

Thus, it's not so much of a problem of security of the system,
beyond the system not trusting a single nibble of that data (and
that *includes* not crashing if that fs is inconsistent), but a
problem of security and convenience for _that_ user. In this light,
mixed uid/gid is just an inconvenience (though it can be a hell of
an inconvenience).

--
Daniel C. Sobral (8-DCS)
dcs@newsguy.com
dcs@freebsd.org

"I always feel generous when I'm in the inner circle of a
conspiracy to subvert the world order and, with a small group of
allies, just defeated an alien invasion. Maybe I should value myself
a little more?"

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
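
The "no suid/sgid" rule argued for in the message above can be checked mechanically. The following is an added example, not part of the original e-mail or of FreeBSD: it audits fstab(5)-style text and reports entries for untrusted media that lack the nosuid option. The set of filesystem types treated as untrusted, the function names and the sample entries are assumptions made for illustration.

```python
# Added example (not from the original e-mail): flag fstab(5)-style entries
# for untrusted media that are not mounted nosuid.
# Assumption: which filesystem types count as untrusted is a local policy choice.
UNTRUSTED_FSTYPES = {"nfs", "msdosfs", "cd9660", "udf"}

# Constructed sample input, not taken from a real system.
SAMPLE_FSTAB = """\
# Device        Mountpoint  FStype   Options            Dump Pass
/dev/ada0p2     /           ufs      rw                 1    1
/dev/cd0        /cdrom      cd9660   ro,noauto          0    0
/dev/da0s1      /media/usb  msdosfs  rw,noauto,nosuid   0    0
server:/export  /mnt/nfs    nfs      rw                 0    0
truncated-line  /broken
"""


def parse_fstab(text):
    """Return (entries, malformed_line_numbers) for fstab-style text."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            # Report instead of guessing: an entry without an options field
            # cannot be shown to carry nosuid.
            malformed.append(lineno)
            continue
        device, mountpoint, fstype, options = fields[:4]
        entries.append((device, mountpoint, fstype, set(options.split(","))))
    return entries, malformed


def audit_nosuid(text, untrusted=UNTRUSTED_FSTYPES):
    """List untrusted-media mount points that do not specify nosuid."""
    entries, malformed = parse_fstab(text)
    missing = [(mp, fstype) for _dev, mp, fstype, opts in entries
               if fstype in untrusted and "nosuid" not in opts]
    return {"missing_nosuid": missing, "malformed": malformed}


if __name__ == "__main__":
    report = audit_nosuid(SAMPLE_FSTAB)
    for mountpoint, fstype in report["missing_nosuid"]:
        print(f"{mountpoint} ({fstype}): add nosuid")
    for lineno in report["malformed"]:
        print(f"line {lineno}: malformed entry, review by hand")
```
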