Re: radiusd-freeradius history and future

To: debian-devel@lists.debian.org, 155583@bugs.debian.org
Subject: Re: radiusd-freeradius history and future
From: Henning Makholm <henning@makholm.net>
Date: 13 Nov 2003 02:06:09 +0100
Message-id: <[🔎] yahwua56pry.fsf@tyr.diku.dk>
In-reply-to: Russell Coker's message of "Thu, 13 Nov 2003 11:50:05 +1100"
References: <20030111000253.29887.qmail@oak.oeko.net> <[🔎] 200311131043.58519.russell@coker.com.au> <[🔎] 20031113001555.GA9807@downhill.at.eu.org> <[🔎] 200311131150.05176.russell@coker.com.au>

Scripsit Russell Coker <russell@coker.com.au>

> Maybe we should have a debconf option for whether the program in question is 
> to be SETUID root or SETGID shadow?  Then the minority of people who use NIS 
> can have full functionality, while the majority of people who don't use NIS 
> can have better security.

Would it be feasible to have the program be suid root, but start by
trying to parse /etc/nsswitch.conf and drop root privileges
immediately unless it finds NIS for passwd/shadow?

-- 
Henning Makholm         "Vend dig ikke om! Det er et meget ubehageligt syn!"

Reply to:

References:
- Re: radiusd-freeradius history and future
  - From: Russell Coker <russell@coker.com.au>
- Re: radiusd-freeradius history and future
  - From: Andreas Metzler <ametzler@downhill.at.eu.org>
- Re: radiusd-freeradius history and future
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: ftpmaster accepts packages that have been rejected a few days ago
Next by Date: Re: radiusd-freeradius history and future
Previous by thread: Re: radiusd-freeradius history and future
Next by thread: Re: radiusd-freeradius history and future
Index(es):
- Date
- Thread