
Re: setuid/setgid binaries contained in the Debian repository.



On 11-Aug-03, 13:26 (CDT), Emile van Bergen <emile-deb@evbergen.xs4all.nl> wrote: 
> But fundamentally, there is no alternative. 

Sure there is. It's called "fine grained privileges" or somesuch, and
allows you to assign a user or program a specific set of privileges or
capabilities needed to accomplish the task at hand. That way, when the
program is exploited, you don't give away the farm the way you do with
Unix's all-or-nothing root user. SELinux is one implementation of this
idea, although it's hardly new.

And no, using specific users or groups for specific tasks is NOT
equivalent, it's just the best we can do with the standard Unix security
model.

Steve

-- 
Steve Greenland
    The irony is that Bill Gates claims to be making a stable operating
    system and Linus Torvalds claims to be trying to take over the
    world.       -- seen on the net


