Steve Kemp wrote: > A long time ago I asked if there was a list of all the setuid/setgid > binaries contained in the previous Debian stable release. > > As there still isn't such a list I've created one and placed it online > with a simple search form. > > (This is the list that my recent spate of bug reporting has been > based upon). > > http://www.steve.org.uk/cgi-bin/debian/index.cgi I'd like to see us move all of our setgid games (except, perhaps, nethack) away from using global score files by default. After several bad experiences with xbl (DSA-345, DSA-327)), I suggested to its author that it be changed to use a score file in the player's home directory. We ended up making it do that by default, but letting it use a global score file if it is locally made setgid since it's been pretty well audited by now. Anyway, the point is that most games need a global score file like I need a third ear -- maybe useful from time to time, but normally just one more thing to worry about. I plan to go through the rest of the games I maintain and make similar changes. I also think it would be a good idea for policy to require all setuid/gid bit grants to go through this or another list for peer review, much as pre-depends are supposed to. -- see shy jo  Multi-user game machines are not as common as they once were.
Description: PGP signature