
Re: setuid/setgid binaries contained in the Debian repository.



On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:

> I'd like to see us move all of our setgid games (except, perhaps,
> nethack) away from using global score files by default. 

  I think that should be a good option, but I can see several 
 games that might suffer by it.

  I'm loath to ask the user if it should be setgid in the installer
 because that's just needless distraction, but perhaps some global
 'setgidnes' setting could be stored in /etc/games?

> I also think it would be a good idea for policy to require all
> setuid/gid bit grants to go through this or another list for peer
> review, much as pre-depends are supposed to.

  I was thinking of approaching that problem a different way.
  
  In the same way that apt-listchanges shows a package's changelog
 at install time, I could see a script 'apt-listsetuid' which would
 warn the admin at install time if any new setuid/setgid applications
 were being installed.
  (Optionally with the option to remove such bits on a global or per
 package basis).
 
  I've thought this several times, but never quite gotten around to
 writing the code - if there was any interest I would.
 
Steve
---
www.steve.org.uk
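
A sketch of the check an 'apt-listsetuid'-style tool could run before install, added here as an example and not code from this thread: it reads a listing in the tar-style format printed by `dpkg-deb --contents` and reports regular files carrying setuid/setgid bits that the admin has not already accepted. The sample listing, its paths and the function names are constructed for illustration.

```python
# Added example: flag setuid/setgid files in a package listing before install.
# Input format: the tar-style listing printed by `dpkg-deb --contents`.
from typing import NamedTuple

# Constructed sample listing (hypothetical package contents).
SAMPLE_LISTING = """\
drwxr-xr-x root/root         0 2003-07-31 12:00 ./
drwxr-xr-x root/root         0 2003-07-31 12:00 ./usr/games/
-rwxr-sr-x root/games    91234 2003-07-31 12:00 ./usr/games/examplegame
-rwsr-xr-x root/root     20480 2003-07-31 12:00 ./usr/bin/examplehelper
-rwxr-xr-x root/root     10240 2003-07-31 12:00 ./usr/bin/exampletool
-rw-rwSr-- root/games        0 2003-07-31 12:00 ./var/games/example.scores
"""

class Flagged(NamedTuple):
    path: str
    owner: str
    group: str
    bits: tuple  # ("setuid",), ("setgid",) or both

def parse_listing(listing):
    """Return a Flagged entry for every regular file with setuid/setgid set."""
    found = []
    for line in listing.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue
        mode, owner_group, _size, _date, _time, name = fields
        if len(mode) != 10 or mode[0] != "-":
            continue  # only regular files are considered here
        # 's' = bit set with execute, 'S' = bit set without execute.
        bits = tuple(label for pos, label in ((3, "setuid"), (6, "setgid"))
                     if mode[pos] in "sS")
        if not bits:
            continue
        owner, _, group = owner_group.partition("/")
        path = name[1:] if name.startswith("./") else name
        found.append(Flagged(path, owner, group, bits))
    return found

def new_privileged(listing, already_known):
    """Entries whose path is not in the admin's set of accepted files."""
    return [f for f in parse_listing(listing) if f.path not in already_known]

if __name__ == "__main__":
    for f in new_privileged(SAMPLE_LISTING, {"/usr/bin/examplehelper"}):
        print(f"WARNING: {f.path} is {'+'.join(f.bits)} ({f.owner}:{f.group})")
```
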
