Re: Proposed policy on set-id programs

To: Ian Jackson <ian@chiark.greenend.org.uk>
Cc: debian-devel@lists.debian.org
Subject: Re: Proposed policy on set-id programs
From: David Frey <david@eos.lugs.ch>
Date: Sat, 23 Nov 1996 20:04:25 +0100
Message-id: <m0vRNNf-000AHmC@eos>
In-reply-to: Your message of "Fri, 22 Nov 1996 07:05:00 GMT." <m0vQpff-0004O6C@chiark.greenend.org.uk>

On Fri, 22 Nov 96 07:05 GMT, Ian Jackson writes:
>A Debian package may contain set-id programs only if approved by one
>of the Debian security reviewer(s) who is satisfied that:
>
>* If the program is set-gid (not set-uid) to a non-security-critical,
>  non-core group such as games:
>  - That this does not pose a significant risk to the remainder of the
>    system.
Maybe its due to that English is not my first language, but in my 
understanding, the sentence should read:
* If the program is set-gid (not set-uid) to a security-critical,
  non-core group:
...
Or is games viewed as security-critical? And what happens with the
non-security setgid programs?

David


-- 
David Frey <david@eos.lugs.ch>  |Microsoft isn't the answer...it's the QUESTION.
Schlieren, Switzerland          |``No'' is the answer.
51F35923114FC8647D05FF173C61EFDE|Use Debian GNU/Linux!



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Proposed policy on set-id programs
  - From: Ian Jackson <ian@chiark.greenend.org.uk>

Prev by Date: Re: Galloping Featurism
Next by Date: Re: installation of suid binaries by dpkg &c.
Previous by thread: Proposed policy on set-id programs
Next by thread: Wanted: new dwww maintainer
Index(es):
- Date
- Thread