
Re: [future patch] dropping user privileges on demand



nick@garage.freebsd.pl said this stuff:

> As I said. Stuff like systrace or cerb doesn't need to be standardized,
> because it is transparent for applications. It doesn't need any work from
> userland application programmer. That's why it is easy to adopt for
> non-BSD-licensed applications or even for non-open-source applications.

This is precisely why I began working on the project.  What's
transparent to applications is not transparent to administrators.

So instead of having one programmer (or even a group of programmers)
"fix" the code, you have every administrator correct for it.  Of course,
it would be best if every administrator verified that it acted properly
anyway, but that's simply not going to happen.

Sure, some programmers are lazy.  Some programmers don't care.  But some
will benefit, and that's what matters.  This isn't intended to solve all
the world's coding problems.  It will probably never be used by as many
programmers as systrace will by administrators.  It's just furthering
the unix mentality of shedding privileges, without granting additional
ones.  You seem to think that the idea is a security hack.  It isn't.
It's more of a security model.

ari