Re: Suid Manager Proposal
This is a mediocre solution for a nonexistent problem. That is, I
would appreciate it if someone would please clearly define the problem
first.
It seems like everyone is falling over themselves to write another
Debian packaging standard, but avoiding the real work: bug-free
packages and a better user interface to dpkg. Here are some reasons
to find something better to do:
* Count the number of bug reports that can be fixed only by adding
this facility. The answer is zero.
* If the package is distributed with sloppy permissions, it should be
fixed, not glossed over with a configuration file. The burden of
security should not be on the person installing a package. I
consider answering dumb questions that equate to whether I want less
security a burden.
* If a site wants to use sloppy permissions, we shouldn't complicate
Debian to do it. As Bruce is right to point out, there are bigger
fish to fry than adding new gizmos to the packaging scheme.
* Unnecessary complication. What, are you surprised that Red Hat is
easier to install? It's designed for everyone. Debian is being
designed by developers for themselves and nobody else. The attitude
is not "what do people expect or need from my package", but "what
feature do I need at my site from my package". How many
Debian-specific configuration files will it take to satisfy the
collective creeping featuritis?
* You should never make a binary setuid or setgid without having some
qualified individual examine the source code. Putting in hooks,
questions, or configuration options to change permissions violates
that concept.
Note: `setuid' is more common usage and less ambiguous (when taken out
of context) than `suid'. Also, if this poorly thought-out idea is
used, the configuration file and programs should reflect what they do
(file permission modes), not the problem (setuid binaries).
--
Daniel Quinlan <quinlan@pathname.com> | finger quinlan@pathname.com for PGP
quinlan@transmeta.com (at work) | http://www.pathname.com/~quinlan/
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: