[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed policy on set-id programs

On Fri, 22 Nov 96 07:05 GMT, Ian Jackson writes:
>A Debian package may contain set-id programs only if approved by one
>of the Debian security reviewer(s) who is satisfied that:
>* If the program is set-gid (not set-uid) to a non-security-critical,
>  non-core group such as games:
>  - That this does not pose a significant risk to the remainder of the
>    system.
Maybe its due to that English is not my first language, but in my 
understanding, the sentence should read:
* If the program is set-gid (not set-uid) to a security-critical,
  non-core group:
Or is games viewed as security-critical? And what happens with the
non-security setgid programs?


David Frey <david@eos.lugs.ch>  |Microsoft isn't the answer...it's the QUESTION.
Schlieren, Switzerland          |``No'' is the answer.
51F35923114FC8647D05FF173C61EFDE|Use Debian GNU/Linux!

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: