On 23/02/2010 21:34, Theo de Raadt whispered from the shadows...:
> Instead, as a group our policy is to turn these things on, not make it
> easy for them to be turned off, and thus enforce the policy strictly,
> and thereby we educate people using these functions to get used to the
> choices they should be making in security software.  If we don't make
> them aware, they will remain blissfully aware and think they are smart
> enough to write setuid or daemon software.

When you first mentioned the policy in your first reply (without this
latter elaboration) and knowing how famed you are for such strict and
uncompromising views on security, I deduced your motives behind the
policy choice. It makes my life difficult as a developer, but as you
state, it makes an attacker's life even more so. I'll live now that I
have been edified.

-- 
Anthony C Howe            Skype: SirWumpus                  SnertSoft
+33 6 11 89 73 78       Twitter: SirWumpus      BarricadeMX & Milters
http://snert.com/      http://nanozen.info/     http://snertsoft.com/
