Re: setuid/setgid binaries contained in the Debian repository.
On Sat, Aug 02, 2003 at 05:09:56PM -0500, Manoj Srivastava wrote:
> It is? OK, I am telling you /usr/bin/bar program in package
> foo really needs to be sgid. I'll document it in bar.6. Is this the
> end of discussion? Or are we going to really need to look at the code
> to see if the setgidness can be worked around?
It is the minimum I would expect from a good package, of course it can be
done much better.
Personally I do not care much about the games, because I expect them to be
unsecure and simply do not install them on important servers with multiple
users. However I can understand admins who want to maintain a friendly user
environemnt, and we should serve them by allowing "chmod g-s /usr/games/*".
BTW: anband is playable without sgid, but since I do not manage to get past
level 1 i am nor sure what kind of implications this has :)
Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
( .. ) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
o--o *plush* 2048/93600EFD eckes@irc +497257930613 BE5-RIPE
(O____O) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Reply to: