by redmail.netbsd.org with SMTP; 16 Feb 2000 09:45:24 -0000
	by antioche.lip6.fr (8.9.3/8.9.3) with ESMTP id KAA02918;
	Wed, 16 Feb 2000 10:45:17 +0100 (MET)
Date: Wed, 16 Feb 2000 10:45:16 +0100
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
To: "Chris G. Demetriou" <cgd@netbsd.org>
Cc: Chris Jones <chris@cjones.org>, tech-security@netbsd.org
Subject: Re: NetBSD Security Advisory 2000-001
Message-ID: <20000216104516.A9330@antioche.lip6.fr>
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <20000215230900.A6739@antioche.lip6.fr> <x6itzqw0di.fsf@reddwarf.rightnowtech.com> <20000215235049.A6841@antioche.lip6.fr> <87hff9gbc8.fsf@redmail.netbsd.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <87hff9gbc8.fsf@redmail.netbsd.org>; from Chris G. Demetriou on Tue, Feb 15, 2000 at 05:55:35PM -0800

On Tue, Feb 15, 2000 at 05:55:35PM -0800, Chris G. Demetriou wrote:
> OK, what technical grounds are there for this?
> 
> Assuming the code works properly (and does permissions checks, etc.,
> properly) what harm is there in letting users mount copies, or,
> perhaps more correctly stated, not _preventing_ users from mounting
> copies?
> 
> If the code doesn't work properly and is not safe, well:
> 
> 	(1) it's not safe,
> 	(2) we shouldn't be encouraging people to have it in their
> 	    kernels, or shipping it in kernels ourselves, and
> 	(3) if we ship it by default in any kernels that we provide,
> 	    we have to take responsibility for that fact and act
> 	    appropriately if there are problems.
> 
> Personally, i'm very strongly in the (2) camp.  8-)

Me too. The problem is that it's in our kernels by default but not mounted,
so someone who install NetBSD doesn't necesserely know that any user can
mount pseudo filesyetem not mounted by default.
(2) would obsolete my previous comment :)

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--