
Re: setuid/setgid binaries contained in the Debian repository.



On Sat, Aug 02, 2003 at 08:14:15PM -0500, Manoj Srivastava wrote:

> 	Heh. You should look at what is in the current version:

Is that what you would say to the users who have angband installed on Woody?
I do not think this is something to laugh about.

> 	Superficial audits are probably worse than none; they tend to
>  raise false senses of security.

Only if their results are interpreted incorrectly.  A superficial audit is
enough to say "this program cannot be trusted to be setid until it has
received a more thorough audit".  If no one is willing or able to perform
such an audit, the program should not be distributed setid.  This is the
kind of result that I hope would be achieved by recommending discussion
before new setid programs are added to the distribution.

If we had the resources to thoroughly audit all such programs before
distributing them, that would be better, but as yet we do not.  However,
having an established channel for this kind of review makes it easier for
interested parties to perform some amount of auditing.  Of course, even
thorough auditing cannot provide security guarantees; it can only find new
bugs.

-- 
 - mdz


