Subject: Re: Addition to force open to open only regular files
To: NetBSD Kernel Technical Discussion List <tech-kern@NetBSD.ORG>
From: Alistair Crooks <AlistairCrooks@excite.com>
List: tech-kern
Date: 12/01/2000 01:26:14
Greg,
[Mail sent only to you, no cc's or bcc's - agc]
I really think that there's been a whole lot of heat in this discussion, and
not a whole lot of light. I also think that all sides are so entrenched that
a reasonable outcome is unattainable.
I appreciate your enthusiasm, but please could you try and curb it, remember
the audience, and try to be a bit less scatter-gun in your approach on the
NetBSD technical lists?
Thanks,
Alistair
On Thu, 30 Nov 2000 14:11:50 -0500 (EST), NetBSD Kernel Technical Discussion
List wrote:
> [ On Thursday, November 30, 2000 at 20:02:26 (+0900), Noriyuki Soda wrote: ]
> > Subject: Re: Addition to force open to open only regular files
> >
> > But what I'm recommending is not removing setreuid(2) and setregid(2)
> > from libc and kernel (this cannot be done without changing libc major number),
> > but removing reference to setreuid(2) and setregid(2) from our
> > applications just like removing reference to gets(3).
>
> You can disable it in the kernel -- I've done that and replaced it with
> a log() call and so far haven't encountered any places where it's been
> used in the last week or so.
>
> > As Matt mentioned, NetBSD doesn't conform to POSIX.1 about setuid-non-root
> > program behaviour of setuid(2), and never will conform to POSIX.1 about
> > this because the behaviour of NetBSD is more secure than POSIX.1.
>
> NetBSD is *not*, by design, more secure than POSIX.1. !!!!
>
> The fact that a setuid-non-root process can forever give up its
> privileges makes little, or no, difference in the end.
>
> --
> Greg A. Woods
>
> +1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
> Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>
--
Alistair Crooks (agc@pkgsrc.org)
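The property the quoted exchange argues about, whether a setuid-non-root process can hand back its privileges for good, is something a program can check at run time rather than assume from the platform. The following is an added example, not code from this thread or from NetBSD; drop_privs_permanently and its probe logic are my own construction, and it assumes only the POSIX uid/gid calls from <unistd.h>.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to target_uid/target_gid and refuse to continue unless the drop is
 * irrevocable. On 4.4BSD-derived systems setuid(2) in a setuid-non-root
 * process resets the real, effective and saved ids together; under the
 * POSIX.1 rule only the effective id changes and the saved id still permits
 * a switch back. The probe below detects the second case instead of
 * trusting the platform. Returns 0 on success, -1 (errno set) on failure. */
int drop_privs_permanently(uid_t target_uid, gid_t target_gid)
{
    uid_t orig_euid = geteuid();
    gid_t orig_egid = getegid();

    /* Group first: once the uid is gone, setgid() may no longer be allowed. */
    if (setgid(target_gid) == -1)
        return -1;
    if (setuid(target_uid) == -1)
        return -1;

    /* Probe: if we started with a different effective id, switching back
     * must now fail. If it succeeds, the saved id was left in place. */
    if (orig_euid != target_uid && seteuid(orig_euid) == 0) {
        (void)seteuid(target_uid); /* best effort: step back down */
        errno = EPERM;
        return -1;
    }
    if (orig_egid != target_gid && setegid(orig_egid) == 0) {
        (void)setegid(target_gid);
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed run: drop to our own real ids, which always succeeds and
     * exercises the code path without needing a set-user-id binary. */
    if (drop_privs_permanently(getuid(), getgid()) == -1) {
        perror("drop_privs_permanently");
        return 1;
    }
    printf("uid %ld euid %ld gid %ld egid %ld\n", (long)getuid(),
           (long)geteuid(), (long)getgid(), (long)getegid());
    return 0;
}
```

Installed set-user-id, the probe is what turns a silent partial drop into a hard failure on systems that follow the POSIX.1 rule (Linux, for instance) while costing nothing on BSD.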