Re: setuid/setgid binaries contained in the Debian repository.

[Bernd Eckenfels <lists@lina.inka.de>]

On Fri, Aug 01, 2003 at 09:19:46PM -0400, Joey Hess wrote:
> Bernd Eckenfels wrote:
> > Umm... you invent a scorewriter for removing the sgui games bit? And then
> > you add a sgid scoresetter? I dont think this makes mch sence.
> 
> You need to learn some more about security then. Small, simple and well
> defined programs are often more secure than large monoliths that have to
> deal with arbitrary user input. Especially if the monolith was written
> in 1993 and the helper program in 2003.

Well, I am fine with that. Although the game is still sgid, which is not
needed. Some other ways to check the programs integrity can be used.

Greetings
Bernd
-- 
  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!