Re: SUIDDIR -> security.bsd.suiddir_enable.
From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 03/25/04
- Previous message: Bruce Evans: "Re: SUIDDIR -> security.bsd.suiddir_enable."
- In reply to: Pawel Jakub Dawidek: "Re: SUIDDIR -> security.bsd.suiddir_enable."
- Next in thread: Jacques A. Vidrine: "Re: SUIDDIR -> security.bsd.suiddir_enable."
Date: Thu, 25 Mar 2004 08:50:18 -0500 (EST)
To: Pawel Jakub Dawidek <pjd@FreeBSD.org>
On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
> On Thu, Mar 25, 2004 at 11:06:38PM +1100, Bruce Evans wrote:
> +> On Thu, 25 Mar 2004, Pawel Jakub Dawidek wrote:
> +>
> +> > Any objection on such exchange?
> +> >
> +> > In p4 pjd_suiddir branch I've a code that replaces SUIDDIR kernel option
> +> > with sysctl security.bsd.suiddir_enable sysctl which is turned off by
> +> > default. SUIDDIR option is not removed, but it means now: turn on suiddir
> +> > functionality by default.
> +>
> +> Using SUIDDIR is controlled by the MNT_SUIDDIR mount option, so there
> +> shouldn't be another knob to control it. If there is a security problem
> +> using MNT_SUIDDIR, then MNT_SUIDDIR should be disallowed up front so
> +> that all the places that implement SUIDDIR don't have to test
> +> both knobs.
>
> First of all this adds 0 overhead. And I think there is a need for
> additional level of security for such functionality, but I see no reason
> to force people to recompile kernel.
Actually, I think what Bruce is actually saying is that the MNT_SUIDDIR
mount option should be sufficient without a sysctl, if we really think
suiddir is safe to use, rather than offering a global disable off by
default. So the question really becomes "do we want to use recompilation
as a hurdle to discourage use of this feature"...
Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert@fledge.watson.org      Senior Research Scientist, McAfee Research
_______________________________________________
freebsd-arch@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch