tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: src/sys/kern



Andrew Doran wrote:
On Sun, Mar 23, 2008 at 08:01:46PM +0200, Elad Efrat wrote:

Modified Files:
        src/sys/kern: kern_fork.c

Log Message:
Undo 1.150 (Don't make root an exception when enforcing rlimits). No other
Unix behaves this way and it breaks too many things, e.g. web servers.
Was it that critical that this had to go in without any discussion
and/or okay from other people?

Your question is based on a false premise - this was discussed on tech-kern.
I can't find a similar discussion for the change that it corrects (1.150).
If it had been discussed, I'm sure that you would have received comments
indicating that it was the wrong thing to do.

I must have missed the thread (or not remember it; this change was brought up over a year ago). Do you have a URL or a subject line?

The 1.150 revision was discussed, as the commit log suggests. Even
though I agree it might not be desired, I am 100% confident that a uid 0
check instead is even less so, especially given the nature of -current
and -- again -- the fact that kauth is under active development.

If you are interested in ignoring everything else raised, continue to
violate commit guidelines, undermine on-going work that people already enjoy and use, and basically turn this project to an AndrewBSD, be my
guest. I will let others speak up... I guess if nobody does, then nobody
is bothered. :)

-e.


Home | Main Index | Thread Index | Old Index