Ruslan Ermilov <[EMAIL PROTECTED]> writes:
> On Wed, Jun 27, 2001 at 01:29:28AM -0700, Dima Dorfman wrote:
> > Ruslan Ermilov <[EMAIL PROTECTED]> writes:
> > > On Tue, Jun 26, 2001 at 03:04:07PM -0700, Dima Dorfman wrote:
> > > > Hi folks,
> > > >
> > > > Is there a particular reason, other than the desire for more setgid
> > > > programs, that ifmcstat(8) is setgid kmem? It seems that there's no
> > > > reason anyone but root would want to use it, anyway. OpenBSD and
> > > > NetBSD already nuked its setgid bit; any reason why we shouldn't
> > > > follow suit?
> > > >
> > > $ ifmcstat
> > > kvm_openfiles: Permission denied
> >
> > I don't follow. Yes, it needs access to kmem to work. However, I
> > don't see why anyone other than root would need to run it, so why is
> > it setgid? root can access kmem either way.
> >
> Could you please elaborate on why it should be restricted to root only?
Because it looks like it doesn't provide any information that anyone
other than the administrator would find useful (if I'm seeing things,
please let me know), and the less setgid programs in the system the
better our overworked security officer(s) sleep at night :-).
> OpenBSD's and NetBSD's commitlogs are too terse.
This is quite an understatement!
Dima Dorfman
[EMAIL PROTECTED]
>
>
> Cheers,
> --
> Ruslan Ermilov Oracle Developer/DBA,
> [EMAIL PROTECTED] Sunbay Software AG,
> [EMAIL PROTECTED] FreeBSD committer,
> +380.652.512.251 Simferopol, Ukraine
>
> http://www.FreeBSD.org The Power To Serve
> http://www.oracle.com Enabling The Information Age
>
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
