Re: setuid/setgid binaries contained in the Debian repository.
On Fri, Aug 01, 2003 at 09:19:46PM -0400, Joey Hess wrote:
> Bernd Eckenfels wrote:
> > Umm... you invent a scorewriter for removing the sgui games bit? And then
> > you add a sgid scoresetter? I dont think this makes mch sence.
>
> You need to learn some more about security then. Small, simple and well
> defined programs are often more secure than large monoliths that have to
> deal with arbitrary user input. Especially if the monolith was written
> in 1993 and the helper program in 2003.
Well, I am fine with that. Although the game is still sgid, which is not
needed. Some other ways to check the programs integrity can be used.
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: