[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setuid/setgid binaries contained in the Debian repository.



Steve Kemp wrote:
> On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
> 
> > I'd like to see us move all of our setgid games (except, perhaps,
> > nethack) away from using global score files by default. 
> 
>   I think that should be a good option, but I can see several 
>  games that might suffer by it.

Right, such as nethack. Not many though.

>   I'm loath to ask the user if it should be setgid in the installer
>  because that's just needless distraction, but perhaps some global
>  'setgidnes' setting could be stored in /etc/games?

I just threw something in README.Debian and NEWS.Debian about it for
xbl.

> > I also think it would be a good idea for policy to require all
> > setuid/gid bit grants to go through this or another list for peer
> > review, much as pre-depends are supposed to.
> 
>   I was thinking of approaching that problem a different way.
>   
>   In the same way that apt-listchanges shows a packages changelog
>  at install time, I could see a script 'apt-listsetuid' which would
>  warn the admin at install time if any new setuid/setgid applications
>  were being installed.
>   (Optionally with the option to remove such bits on a global or per
>  package basis).
>  
>   I've thought this several times, but never quite gotten around to
>  writing the code - if there was any interest I would.

That might have more or less the same effect, if developers are the ones
who run the script. I don't feel this would be very useful for users
though.

-- 
see shy jo

Attachment: pgpvLYydeokO5.pgp
Description: PGP signature


Reply to: