Date: Sun, 18 Mar 2001 00:57:52 +0000 From: Brian Somers <brian@Awfulhak.org> To: Kris Kennaway <kris@obsecurity.org> Cc: Brian Somers <brian@Awfulhak.org>, Warner Losh <imp@harmony.village.org>, Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>, freebsd-arch@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: flags settings for modules Message-ID: <200103180057.f2I0vqm56252@hak.lan.Awfulhak.org> In-Reply-To: Message from Kris Kennaway <kris@obsecurity.org> of "Sat, 17 Mar 2001 16:35:40 PST." <20010317163540.A5397@mollari.cthul.hu>
next in thread | previous in thread | raw e-mail | index | archive | help
> I've always seen schg as an anti-foot-shooting device..if you
> accidentally spam that file and don't have any other kernels around,
> you're screwed. If you spam modules, you're probably less screwed
> (though you still might be).
$ ls -lo /etc/*p*wd*
-rw------- 1 root wheel - 2466 Mar 6 17:48 /etc/master.passwd
-rw-r--r-- 1 root wheel - 2027 Mar 6 17:48 /etc/passwd
-rw-r--r-- 1 root wheel - 40960 Mar 6 17:48 /etc/pwd.db
-rw------- 1 root wheel - 40960 Mar 6 17:48 /etc/spwd.db
There's more than one foot waiting to be shot. I think this sort of
half-baked protection should really be turn-on-and-offable somewhere
(maybe /etc/make.conf) and shouldn't be on by default.
I'm not arguing that there are no good usages for file flags. I'm
just saying that I think everything we've done with them in the base
system so far is .... surprising. I find it a bit embarrassing.
> Kris
--
Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org>
<http://www.Awfulhak.org>; <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-arch" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200103180057.f2I0vqm56252>