[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: setgid-wrapper

On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:

> In this case, this setgid-wrapper concept would work for *all* Java
> applications.  I'm still not sure if it will work for shell driven apps
> in general, but it sounds reasonable.  Security may be a concern, but I
> believe that a simple, well written setgid-wrapper program, that only
> runs programs listed in its (root-owned) configuration file should be at
> least as secure as cron or at.  We should be sure to borrow the
> configuration update logic from cron or at to make sure that we are
> modifying the file in a way that is both secure, and meets Debian
> project guidelines.  
> Should I take the first crack at writing setguid-wrapper?  Should we
> pass the concept by Debian Security first?

I apparently missed the beginning of this thread; could you explain the
problem and your proposed solution?

 - mdz

Reply to: