Re: Excessive root usage in Debian

To: John Goerzen <jgoerzen@complete.org>
Cc: debian-devel@lists.debian.org
Subject: Re: Excessive root usage in Debian
From: Joey Hess <joey@kitenet.net>
Date: Mon, 11 Oct 1999 17:16:59 -0700
Message-id: <[🔎] 19991011171659.E3953@kitenet.net>
Mail-followup-to: John Goerzen <jgoerzen@complete.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87wvst8pv4.fsf@erwin.complete.org>
References: <[🔎] 87wvst8pv4.fsf@erwin.complete.org>

John Goerzen wrote:
> We run all sorts of things as root that really shouldn't.  We run
> sendmailconfig, a big shell script that invokes m4, makemap, and
> various other programs as root.  Few of the things that script does
> should be run as root.  There's no sane reason to run m4 as root.
> Nobody has even audited tthese things for security for running as
> root!

There's very little point in auditing programs that run as root unless they

a) Take input form some source a non-root user might control.
or
b) Can be started as root by a non-root user.

AFIAK neither a or b is true of m4 or makemap or sendmailconfig, or
update-menus for that matter (though you have a point aboutr resource limits).

-- 
see shy jo

Reply to:

Follow-Ups:
- Re: Excessive root usage in Debian
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: Excessive root usage in Debian
  - From: John Goerzen <jgoerzen@complete.org>

References:
- Excessive root usage in Debian
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: [PATCH] added --force-* options for conffile handling
Next by Date: Captech is looking for a Technical Writer
Previous by thread: Excessive root usage in Debian
Next by thread: Re: Excessive root usage in Debian
Index(es):
- Date
- Thread