[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How Debian Linux could be made more secure

On Tue, Apr 28, 1998 at 01:02:11PM -0500, Branden Robinson wrote:

> > I thought lintian already detects setuid binaries and needs
> > confirmation by the author that it needs to be setuser or
> > not.

> Yes, it does.

Fine.  But apparently this confirmation is given a little
bit - mh - quickly. ;-)

The aim of my suggestions is mainly the following: Make
the package maintainers really _think_ about what
privileges their packages need.  Require them to give some
reasoning about the privileges.  Require peer review of
these reasons.  Make these reasons part of the packet's
documentation.

tlr
-- 
Thomas Roessler · 74a353cc0b19 · dg1ktr · http://home.pages.de/~roessler/
     2048/CE6AC6C1 · 4E 04 F0 BC 72 FF 14 23 44 85 D1 A1 3B B0 73 C1


--
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: