Date:      Thu, 7 Oct 1999 07:34:35 +1300
From:      Joe Abley <jabley@patho.gen.nz>
To:        "Daniel C. Sobral" <dcs@newsguy.com>
Cc:        Conrad Minshall <conrad@apple.com>, FreeBSD Hackers <FreeBSD-Hackers@FreeBSD.ORG>
Subject:   Re: Apple's planned approach to permissions on movable filesystems
Message-ID:  <19991007073435.A20998@patho.gen.nz>
In-Reply-To: <37FB5A53.3E016EFA@newsguy.com>; from Daniel C. Sobral on Wed, Oct 06, 1999 at 11:18:59PM +0900
References:  <199910052119.OAA24627@scv1.apple.com> <l03130303b420f0176999@[17.202.43.185]> <37FB5A53.3E016EFA@newsguy.com>

On Wed, Oct 06, 1999 at 11:18:59PM +0900, Daniel C. Sobral wrote:
> One would better assume that files available over NFS will be read
> by anyone who wants, and, likewise, that files available on
> removable media will be read by anyone who wants. That side of the
> problem does not belong to this discussion.
>
> [...]
> 
> The question here is how to minimize the cost/benefit ratio of
> letting users mount external file systems on their own. At the very
> least, the system must never trust that data. Ergo, no suid/sgid.

Show me a disk that's _not_ removable. By your logic we would have _no_
suid/sgid binaries _ever._

Physical access to a machine is always a security risk. Why would you
treat easily-removable media any differently to slightly-harder-to-remove
media? You still need to break into the vault to remove them.


Joe

