To: "Soren S. Jorvang" <soren@wheel.dk>
Cc: Manuel Bouyer <bouyer@antioche.lip6.fr>, tech-security@netbsd.org
Subject: Re: NetBSD Security Advisory 2000-001
References: <14505.23693.773699.404104@passion.geek.com.au> <x6zot2w3h2.fsf@reddwarf.rightnowtech.com> <20000215230900.A6739@antioche.lip6.fr> <x6itzqw0di.fsf@reddwarf.rightnowtech.com> <20000215235049.A6841@antioche.lip6.fr> <20000215235639.B18825@gnyf.wheel.dk>
From: cgd@netbsd.org (Chris G. Demetriou)
Date: 15 Feb 2000 17:58:03 -0800
In-Reply-To: "Soren S. Jorvang"'s message of Tue, 15 Feb 2000 23:56:39 +0100
Message-ID: <87g0utgb84.fsf@redmail.netbsd.org>
Lines: 24

"Soren S. Jorvang" <soren@wheel.dk> writes:
> > Well, I don't feel really confortable with this ... I'd prefer to have it
> > restricted to root.
> 
> Very much seconded. No matter how hard we try, it will continue to
> be a tricky issue.

If it is, and is going to continue to be a security risk, then why do
we ship it in default kernels at all?

If people actually think this:

* we shouln't be shipping it by default, and, better,

* we should be clearly marking the areas that people would have to
look to enable it so they'll know that it's likely to cause security
problems!



cgd
-- 
Chris Demetriou - cgd@netbsd.org - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.