Re: Excessive root usage in Debian

To: debian-devel@lists.debian.org
Subject: Re: Excessive root usage in Debian
From: Anthony Towns <aj@azure.humbug.org.au>
Date: Tue, 12 Oct 1999 10:35:31 +1000
Message-id: <[🔎] 19991012103531.B4525@azure.humbug.org.au>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 19991011171659.E3953@kitenet.net>
References: <[🔎] 87wvst8pv4.fsf@erwin.complete.org> <[🔎] 19991011171659.E3953@kitenet.net>

On Mon, Oct 11, 1999 at 05:16:59PM -0700, Joey Hess wrote:
> There's very little point in auditing programs that run as root unless they
> 
> a) Take input form some source a non-root user might control.
> or
> b) Can be started as root by a non-root user.

or c) Have bugs, or other undesirable and unexpected behaviour.

See Bug#43094, for example.

Limiting the effect of stupid bugs is a good idea --- that's why we have
stable after all; if we can make stupid bugs even less likely to trash
the entire system, that's a good thing.

I'm not convinced this is an incredibly easy thing to do, though...

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds

Attachment: pgpJBKmYlEr9N.pgp
Description: PGP signature

Reply to:

References:
- Excessive root usage in Debian
  - From: John Goerzen <jgoerzen@complete.org>
- Re: Excessive root usage in Debian
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: [PATCH] added --force-* options for conffile handling
Next by Date: Re: Semi-retiring: All (ok, some) packages must go!
Previous by thread: Re: Excessive root usage in Debian
Next by thread: Re: Excessive root usage in Debian
Index(es):
- Date
- Thread