Re: disabling SA in 5.0

To: David Brownlee <abs%NetBSD.org@localhost>
Subject: Re: disabling SA in 5.0
From: Martin Husemann <martin%duskware.de@localhost>
Date: Mon, 9 Mar 2009 00:16:35 +0100

On Sun, Mar 08, 2009 at 10:43:39PM +0000, David Brownlee wrote:
>       How difficult would it be to disable it by default and arrange
>       for a kernel printf mentioning the sysctl when a process
>       attempts to use it and fails

This is too late, already - the system will be not functioning as expected
in this state already, and we realy do not want our users to easily get
into that state.

We can note it in the release notes (and probably a lot more prominent
places), it still will bite some people.

However, we can guess (and nothing more) how many people, while using a
manual update method, rely on our standard binary distribution. There will be
some, but maybe forcing them to prepare a custom install media would be
acceptable pain. I am not sure. I probably would prefer to make them upgrade
to something with similar security/local DOS problems as the 4.x they used
before and then tell them how to make it secure.

On the other hand, we certainly do not want to do this play for new 
installations, so maybe a hackish but simple solution could be to use two
different kernel sets - one for upgrades (with SA enabled by default and
a prominent warning printed at every boot) and a "real" one for fresh
installations?

Martin

Follow-Ups:
- Re: disabling SA in 5.0
  - From: David Brownlee

References:
- Re: disabling SA in 5.0
  - From: Christos Zoulas
- Re: disabling SA in 5.0
  - From: David Brownlee

Prev by Date: Re: disabling SA in 5.0
Next by Date: Re: Kernel or userland bug: file descript passing in Postfix
Previous by Thread: Re: disabling SA in 5.0
Next by Thread: Re: disabling SA in 5.0
Indexes:

Home | Main Index | Thread Index | Old Index