Re: Suid Manager Proposal

To: debian-devel@lists.debian.org
Subject: Re: Suid Manager Proposal
From: Daniel Quinlan <quinlan@pathname.com>
Date: 22 Nov 1996 02:37:57 -0800
Message-id: <yf2zq0abeka.fsf@proton.pathname.com>
In-reply-to: Christoph Lameter's message of Thu, 21 Nov 1996 07:57:37 -0800 (PST)
References: <Pine.LNX.3.95.961121075655.23268D-100000@waterf.org>

This is a mediocre solution for a nonexistent problem.  That is, I
would appreciate it if someone would please clearly define the problem
first.

It seems like everyone is falling over themselves to write another
Debian packaging standard, but avoiding the real work: bug-free
packages and a better user interface to dpkg.  Here are some reasons
to find something better to do:

* Count the number of bug reports that can be fixed only by adding
  this facility.  The answer is zero.

* If the package is distributed with sloppy permissions, it should be
  fixed, not glossed over with a configuration file.  The burden of
  security should not be on the person installing a package.  I
  consider answering dumb questions that equate to whether I want less
  security a burden.

* If a site wants to use sloppy permissions, we shouldn't complicate
  Debian to do it.  As Bruce is right to point out, there are bigger
  fish to fry than adding new gizmos to the packaging scheme.

* Unnecessary complication.  What, are you surprised that Red Hat is
  easier to install?  It's designed for everyone.  Debian is being
  designed by developers for themselves and nobody else.  The attitude
  is not "what do people expect or need from my package", but "what
  feature do I need at my site from my package".  How many
  Debian-specific configuration files will it take to satisfy the
  collective creeping featuritis?

* You should never make a binary setuid or setgid without having some
  qualified individual examine the source code.  Putting in hooks,
  questions, or configuration options to change permissions violates
  that concept.

Note: `setuid' is more common usage and less ambiguous (when taken out
of context) than `suid'.  Also, if this poorly thought-out idea is
used, the configuration file and programs should reflect what they do
(file permission modes), not the problem (setuid binaries).

-- 
Daniel Quinlan <quinlan@pathname.com>  |  finger quinlan@pathname.com for PGP
quinlan@transmeta.com (at work)        |  http://www.pathname.com/~quinlan/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: Suid Manager Proposal
  - From: Christoph Lameter <clameter@waterf.org>

References:
- Suid Manager Proposal
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Re: Please do not use Qt (fwd)
Next by Date: Re: Xt xterm security hole
Previous by thread: Re: Galloping featurism is not the problem
Next by thread: Re: Suid Manager Proposal
Index(es):
- Date
- Thread