Subject: Re: sysctl knob to let sugid processes dump core (pr 15994)
To: Garrett D'Amore <garrett_damore@tadpole.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 01/13/2006 11:55:21

On Fri, Jan 13, 2006 at 11:16:43AM -0800, Garrett D'Amore wrote:
> Elad Efrat wrote:
>=20
> >Garrett D'Amore wrote:
> >
> >>These checks maybe should be enabled by yet another sysctl, in case some
> >>site has some special reason not to enforce them.
> >
> >It seems like this is getting way too bloated. The original request was
> >for a knob to be used on development machines; I'm not sure who would
> >want to enable such a feature on a production box.
> >
> >The suggestion of setting a directory and owner via sysctl seems enough
> >for me; root should take care of anything around it.
> >
> >
> Here's the scenario I see, and it should be thought out:

I agree that it'd be nice to support the scenario you describe. However
let's do this in steps. I think that adding a way to enable set-id cores
is a good first step. Also, I don't think the proposed sysctls will impair
supporting the scenario you describe, so let's add it/them now. :-)

Also, we have the kern.defcorename sysctl now. If we want things in a
specific directory, why not just put a full path in there? That way we
wouldn't need a new sysctl. :-)

Take care,

Bill
