Subject: Re: NetBSD Security Advisory 2000-001
To: Soren S. Jorvang <>
From: Chris G. Demetriou <>
List: tech-security
Date: 02/15/2000 17:58:03
To: "Soren S. Jorvang" <>
Cc: Manuel Bouyer <>,
Subject: Re: NetBSD Security Advisory 2000-001
References: <> <> <> <> <> <>
From: (Chris G. Demetriou)
Date: 15 Feb 2000 17:58:03 -0800
In-Reply-To: "Soren S. Jorvang"'s message of Tue, 15 Feb 2000 23:56:39 +0100
Message-ID: <>
Lines: 24

"Soren S. Jorvang" <> writes:
> > Well, I don't feel really confortable with this ... I'd prefer to have it
> > restricted to root.
> Very much seconded. No matter how hard we try, it will continue to
> be a tricky issue.

If it is, and is going to continue to be a security risk, then why do
we ship it in default kernels at all?

If people actually think this:

* we shouln't be shipping it by default, and, better,

* we should be clearly marking the areas that people would have to
look to enable it so they'll know that it's likely to cause security

Chris Demetriou - -
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.