* De: Lamont Granquist <[EMAIL PROTECTED]> [ Data: 2002-09-23 ]
[ Subjecte: Re: Just a wild idea ]
>
> On Sun, 22 Sep 2002, Juli Mallett wrote:
> > Maybe just replace all suser(9) uses with MAC credential checks, and
> > install MAC_UNIX by default, which would be set up to behave like
> > ye olden UNIX... Who knows.
>
> Something like that sounds like a really good idea. I'd like to see this
> not only for binding to low ports but also, for example, to set the system
> time -- this would let you run ntpd as non-root.
>
> It'd be interesting to have a system one day where once you've gone past
> single user mode, root drops all its privs and acts just like a normal
> user account and daemon accounts only have special privs handed out to
> them in little chunks.
One day? It's really easy to do, especially once you have a way for init
to set privs for the children easily, and you can just have your rc scripts
work with init.
--
Juli Mallett <[EMAIL PROTECTED]> | FreeBSD: The Power To Serve
Will break world for fulltime employment. | finger [EMAIL PROTECTED]
http://people.FreeBSD.org/~jmallett/ | Support my FreeBSD hacking!
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
