Re: setuid/setgid binaries contained in the Debian repository.

To: debian-devel@lists.debian.org
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Matt Zimmerman <mdz@debian.org>
Date: Fri, 1 Aug 2003 11:21:40 -0400
Message-id: <[🔎] 20030801152140.GC15502@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <20030731173753.GA27675@uk.intasys.com>
References: <20030731121701.GA3282@uk.intasys.com> <20030731165528.GB10002@dragon.kitenet.net> <20030731173753.GA27675@uk.intasys.com>

On Thu, Jul 31, 2003 at 06:37:53PM +0100, Steve Kemp wrote:

> On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
> 
> > I'd like to see us move all of our setgid games (except, perhaps,
> > nethack) away from using global score files by default. 
> 
>   I think that should be a good option, but I can see several 
>  games that might suffer by it.
> 
>   I'm loath to ask the user if it should be setgid in the installer
>  because that's just needless distraction, but perhaps some global
>  'setgidnes' setting could be stored in /etc/games?

Personally, I would lean more towards having a setgid helper which writes to
the game's score file.  It is possible to audit such helpers completely in a
short amount of time, and I feel that it would be far better to open
ourselves up to letting users forge their own high scores than to the
current exposures which are possible through group games.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Re: Bug#203588: acpid: Shell script has nothing to do in /etc
Next by Date: Re: setuid/setgid binaries contained in the Debian repository.
Previous by thread: Re: setuid/setgid binaries contained in the Debian repository.
Next by thread: Re: setuid/setgid binaries contained in the Debian repository.
Index(es):
- Date
- Thread