Re: setuid/setgid binaries contained in the Debian repository.
On Fri, 1 Aug 2003 13:46:48 -0400,
Joey Hess <email@example.com> wrote:
> --- policy.sgml.orig 2003-08-01 13:40:51.000000000 -0400
> +++ policy.sgml 2003-08-01 13:45:24.000000000 -0400
> @@ -7104,6 +7104,14 @@
> execute them.
> + <p>
> + Since setuid and setgid programs are often a security rick,
> + you should not add any new setuid or setgid programs to
> + the distribution before this has been discussed on the
> + <em>debian-security</em> mailing list and a consensus about
> + doing that has been reached.
> + </p>
> It is possible to arrange that the system administrator can
> reconfigure the package to correspond to their local
I object. My interpretation of this paragraph is "if there were not
nethack in Debian, we would not need it unless you remove the score file,
the bone file, the player ghost and whatever from it or you implement
them securely without any setid".
I don't care if you mandate a prior peer view _request_ (not prior approval)
when ITPing a setid program, but if no one says anything about it for some
weeks, why can't I upload that program? After all, I maintain the package.
Pre-Depends or something that is already in the Policy is more or less
about package relationship, but setid is not.
Oohara Yuuma <firstname.lastname@example.org>
PGP key (key ID F464A695) http://www.interq.or.jp/libra/oohara/pub-key.txt
Key fingerprint = 6142 8D07 9C5B 159B C170 1F4A 40D6 F42E F464 A695
Er, let's get into all the messes of the parliament.
--- shinichiro.h, diary 2003/3/24 "parliamentary bullet-dodging system"