Date: Sun, 18 Mar 2001 00:57:52 +0000 From: Brian Somers <brian@Awfulhak.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Brian Somers <brian@Awfulhak.org>, Warner Losh <imp@harmony.village.org>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-arch@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: flags settings for modules Message-ID: <200103180057.f2I0vqm56252@hak.lan.Awfulhak.org> In-Reply-To: Message from Kris Kennaway <kris@obsecurity.org> of "Sat, 17 Mar 2001 16:35:40 PST." <20010317163540.A5397@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've always seen schg as an anti-foot-shooting device..if you > accidentally spam that file and don't have any other kernels around, > you're screwed. If you spam modules, you're probably less screwed > (though you still might be). $ ls -lo /etc/*p*wd* -rw------- 1 root wheel - 2466 Mar 6 17:48 /etc/master.passwd -rw-r--r-- 1 root wheel - 2027 Mar 6 17:48 /etc/passwd -rw-r--r-- 1 root wheel - 40960 Mar 6 17:48 /etc/pwd.db -rw------- 1 root wheel - 40960 Mar 6 17:48 /etc/spwd.db There's more than one foot waiting to be shot. I think this sort of half-baked protection should really be turn-on-and-offable somewhere (maybe /etc/make.conf) and shouldn't be on by default. I'm not arguing that there are no good usages for file flags. I'm just saying that I think everything we've done with them in the base system so far is .... surprising. I find it a bit embarrassing. > Kris -- Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org> <http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org> Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103180057.f2I0vqm56252>