Thus spake M. Warner Losh <[EMAIL PROTECTED]>:
> I would ****STRONGLY**** suggest that any attempts to change the
> setuid semantics of FreeBSD be resisted unless the person making the
> change is willing to a) audit the entire tree for places where the use
> of setuid breaks (and to publish the results of the non-breakage cases
> too) and b) be the point person for the next year after this change
> for the SO to send port breakages too.
> Many eyes have looked at the setuid/seteuid instances in the tree and
> verified them as being as correct as we can determine.  I'd really
> hate to see that work undone by subtle changes in the system calls.

Interestingly, the paper grew out of a larger project to develop
an automated tool to verify temporal safety properties.  The tool
is written and it has yielded promising results, although it
presently lacks a front end to drive all the parts and an
extensive database of formalized security properties.  I'm working
on the former deficiency right now.  The old hard-to-drive version
is available at .

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to