Thus spake M. Warner Losh <[EMAIL PROTECTED]>:
> I would ****STRONGLY**** suggest that any attempts to change the
> setuid semantics of FreeBSD be resisted unless the person making the
> change is willing to a) audit the entire tree for places where the use
> of setuid breaks (and to publish the results of the non-breakage cases
> too) and b) be the point person for the next year after this change
> for the SO to send port breakages to.
> 
> Many eyes have looked at the setuid/seteuid instances in the tree and
> verified them as being as correct as we can determine.  I'd really
> hate to see that work undone by subtle changes in the system calls.

Interestingly, the paper grew out of a larger project to develop
an automated tool to verify temporal safety properties.  The tool
is written and it has yielded promising results, although it
presently lacks a front end to drive all the parts and an
extensive database of formalized security properties.  I'm working
on the former deficiency right now.  The old hard-to-drive version
is available at http://www.cs.berkeley.edu/~daw/mops/ .
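
As an added illustration of what a temporal-safety check over setuid usage looks like in miniature (this is not the MOPS tool, the paper's code, or anything posted in this thread), the following C program runs a small automaton over a hand-constructed trace of privilege-related calls. The event struct, the state and violation names, the three properties it checks, and the sample traces are all assumptions made for this example: a real checker derives call sequences from the program's control flow rather than taking a linear list, and a real property database is far larger than three rules.

```c
#include <stddef.h>
#include <stdio.h>

/* One abstract privilege-related call.  The trace is a hand-constructed linear
 * sequence (assumption); a real checker would derive it from the program's
 * control-flow graph. */
typedef enum { EV_SETUID, EV_SETEUID, EV_EXEC } ev_kind;

typedef struct {
    ev_kind kind;
    int uid;     /* argument to setuid()/seteuid(); unused for EV_EXEC */
    int ret;     /* value the call returned: 0 on success, -1 on failure */
    int checked; /* nonzero if the program inspected that return value */
} event;

/* Privilege state the automaton tracks.  Assumes the program starts with
 * real, effective and saved uid 0, as a setuid-root binary run by root does. */
typedef enum {
    ST_PRIV,         /* euid 0 */
    ST_TEMP_DROPPED, /* seteuid(non-root) succeeded: saved and real uid still 0 */
    ST_DROPPED       /* setuid(non-root) succeeded: all three uids non-root */
} state;

/* Violations, returned as a bitmask so one trace can report several. */
enum {
    V_NONE            = 0,
    V_UNCHECKED_DROP  = 1, /* a failed privilege drop whose return was ignored */
    V_EXEC_PRIVILEGED = 2, /* exec while still euid 0 after trying to drop */
    V_EXEC_TEMP       = 4  /* exec after only a temporary (seteuid) drop */
};

int check_trace(const event *tr, size_t n)
{
    state st = ST_PRIV;
    int drop_attempted = 0;
    int viol = V_NONE;

    for (size_t i = 0; i < n; i++) {
        const event *e = &tr[i];
        switch (e->kind) {
        case EV_SETUID:
        case EV_SETEUID:
            if (e->uid != 0)
                drop_attempted = 1;
            if (e->ret != 0) {
                /* The call failed, so the privilege state is unchanged;
                 * ignoring that failure is the classic unchecked-setuid bug. */
                if (e->uid != 0 && !e->checked)
                    viol |= V_UNCHECKED_DROP;
                break;
            }
            if (e->uid == 0) {
                /* Regaining root only works while saved uid is still 0. */
                if (st != ST_DROPPED)
                    st = ST_PRIV;
            } else if (e->kind == EV_SETUID) {
                st = ST_DROPPED;
            } else if (st != ST_DROPPED) {
                st = ST_TEMP_DROPPED;
            }
            break;
        case EV_EXEC:
            /* A program that never tried to drop may legitimately exec as root.
             * One that tried but is not in ST_DROPPED hands the new image root
             * outright, or real uid 0 from which it can setuid(0) back. */
            if (drop_attempted && st == ST_PRIV)
                viol |= V_EXEC_PRIVILEGED;
            else if (drop_attempted && st == ST_TEMP_DROPPED)
                viol |= V_EXEC_TEMP;
            break;
        }
    }
    return viol;
}

/* Constructed traces (not taken from any real program). */
int example_checked_drop(void)
{
    const event tr[] = {
        { EV_SETUID, 1000, 0, 1 }, /* if (setuid(1000) != 0) err(...); */
        { EV_EXEC, 0, 0, 0 },
    };
    return check_trace(tr, sizeof tr / sizeof tr[0]);
}

int example_unchecked_drop(void)
{
    const event tr[] = {
        { EV_SETUID, 1000, -1, 0 }, /* setuid(1000); return value ignored */
        { EV_EXEC, 0, 0, 0 },
    };
    return check_trace(tr, sizeof tr / sizeof tr[0]);
}

int example_seteuid_only(void)
{
    const event tr[] = {
        { EV_SETEUID, 1000, 0, 1 }, /* temporary drop mistaken for permanent */
        { EV_EXEC, 0, 0, 0 },
    };
    return check_trace(tr, sizeof tr / sizeof tr[0]);
}

int example_temp_then_permanent(void)
{
    const event tr[] = {
        { EV_SETEUID, 1000, 0, 1 }, /* do unprivileged work */
        { EV_SETEUID, 0, 0, 1 },    /* regain root for a privileged step */
        { EV_SETUID, 1000, 0, 1 },  /* drop for good, return value checked */
        { EV_EXEC, 0, 0, 0 },
    };
    return check_trace(tr, sizeof tr / sizeof tr[0]);
}

int main(void)
{
    printf("checked drop:         %d\n", example_checked_drop());
    printf("unchecked drop:       %d\n", example_unchecked_drop());
    printf("seteuid only:         %d\n", example_seteuid_only());
    printf("temp then permanent:  %d\n", example_temp_then_permanent());
    return 0;
}
```

The point of the exercise is the one Warner makes above: the automaton encodes what the system calls are assumed to do (which uids setuid() and seteuid() change, when a failed call leaves you privileged), so any change to those semantics invalidates both the hand audits and any mechanical check built on the old model.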
