On Thu, Jan 04, 2001 at 02:09:53PM -0500, Garrett Wollman wrote:
> What is the reason for this change?

Paranoia.  There's nothing wrong with a little extra paranoia in case
someone tries to use apply(1) through suidperl on a web interface.
Granted, it's not likely to happen, but you never know.

> I see no benefit in modifying many programs in this manner which do
> not ordinarily run with elevated privileges.

I do; FreeBSD's reputation for security.  There's nothing like having
some confidence in the OS.

> It is the responsibility of those programs that do, to ensure that the
> environment passed to their children is safe and sane.

So what?  Not that many people consider security concerns, let alone
write them.

What, exactly, are we trading off by making apply(1) a bit more
paranoid?  A couple extra cpu cycles?  Maybe you haven't noticed, but
these days there's almost nobody still using 100MHz chips.  And out of
the ones that do, how many will use apply(1) more than once or twice in
the lifetime of the machine?

I think such logic could be applied to most usr.bin and probably other
parts of the tree.


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to