From owner-freebsd-hackers  Thu Sep  9  0: 9: 1 1999
Delivered-To: freebsd-hackers@freebsd.org
Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161])
	by hub.freebsd.org (Postfix) with ESMTP id 0FB981515B
	for <freebsd-hackers@FreeBSD.ORG>; Thu,  9 Sep 1999 00:08:53 -0700 (PDT)
	(envelope-from doconnor@gsoft.com.au)
Received: from cain.gsoft.com.au (doconnor@cain [203.38.152.97])
	by cain.gsoft.com.au (8.8.8/8.8.8) with ESMTP id QAA23723;
	Thu, 9 Sep 1999 16:37:23 +0930 (CST)
	(envelope-from doconnor@gsoft.com.au)
Message-ID: <XFMail.990909163723.doconnor@gsoft.com.au>
X-Mailer: XFMail 1.3 [p0] on FreeBSD
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: multipart/signed;
 boundary="_=XFMail.1.3.p0.FreeBSD:990909163723:656=_";
 micalg=pgp-md5; protocol="application/pgp-signature"
In-Reply-To: <NCBBJEDMMDOPOMPDEKBPGEFIDDAA.doogie@anet-stl.com>
Date: Thu, 09 Sep 1999 16:37:23 +0930 (CST)
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: Jason Young <doogie@anet-stl.com>
Subject: RE: CS Project
Cc: Gustavo V G C Rios <grios@ddsecurity.com.br>,
	freebsd-hackers@FreeBSD.ORG, chris@calldei.com
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

This message is in MIME format
--_=XFMail.1.3.p0.FreeBSD:990909163723:656=_
Content-Type: text/plain; charset=us-ascii


On 09-Sep-99 Jason Young wrote:
>  After some thought, I think the mount option idea is best. I hadn't
>  thought of that before. One might want to apply different procfs
>  security policies to different mounts of procfs, especially in a
>  jail() situation. Good call.

Yeah, you'd have to make sure procfs doesn't mind being mounted multiple times,
something I'm not sure is true.

>  This would make the change transparent to both users and developers.
>  SGID can still be removed - a developer/debugger will already be root
>  or have had to chown the dump/kernel files to do any debugging.

My thought too :)

>  It would be mild bloat, but disk is cheap, and a disk space to
>  debugging ease tradeoff has already been made (to the tune of several
>  megs!) by the decision to build debug kernels by default. I agree with
>  that. One could also #ifdef the kvm version.

Yeah.. well I await the patches 8-)

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum

--_=XFMail.1.3.p0.FreeBSD:990909163723:656=_
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.3ia

iQCVAwUBN9dcq1bYW/HEoF9pAQFcOAQAnZ0OX4ykcsZsklHdBkC8r4x4SK3sW0oE
QN5FeGJPb9Tf6lFk8s+LMExZIgv8Kd6zgD42MTWtYV4XVJdOLZzfcc2DEqfQE8Cw
qAdCpawPTewnBBZH3vvs0amSuMxxRjiCDHSIE70OmCPlvlefOna4TNgg67t4BfFf
/vwKpNdutrc=
=5/NI
-----END PGP MESSAGE-----

--_=XFMail.1.3.p0.FreeBSD:990909163723:656=_--
End of MIME message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message