[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How Debian Linux could be made more secure

On Tue, Apr 28, 1998 at 12:50:37PM -0500, Branden Robinson wrote:
> On Tue, Apr 28, 1998 at 04:50:45PM +0200, Thomas Roessler wrote:
> > First, the Debian Policy should be enhanced by a paragraph
> > on suid binaries.  The policy should emphasize the least
> > privilege principle.  It should require the use of
> > suidmanager when installing scripts suid root.
> > 
> > Further, the policy should require maintainers to tag bug
> > reports about programs running suid root "critical".  (You
> > may also consider to add an option to the bug program
> > which tags a bug report as a security problem, and thus
> > "critical".  This is also interesting for network programs
> > which have security breaches and/or denial of service
> > vulnerabilities.)

I thought lintian already detects setuid binaries and needs
confirmation by the author that it needs to be setuser or
not.

Regards,

	Joey

-- 
  / Martin Schulze  *  joey@infodrom.north.de  *  26129 Oldenburg /
 /                             The good thing about standards is /
/ that there are so many to choose from. -- Andrew S. Tanenbaum /


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: