Re: setgid-wrapper

To: debian-mentors@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: setgid-wrapper
From: Matt Zimmerman <mdz@debian.org>
Date: Wed, 19 May 2004 09:34:00 -0700
Message-id: <[🔎] 20040519163359.GW14347@alcor.net>
Mail-followup-to: debian-mentors@lists.debian.org, debian-devel@lists.debian.org
In-reply-to: <[🔎] 1084967626.2373.141.camel@hovel.lepus.org>
References: <[🔎] 1084278352.2373.35.camel@hovel.lepus.org> <[🔎] 20040511154001.GA27694@gwolf.org> <[🔎] 1084325832.2373.66.camel@hovel.lepus.org> <[🔎] 20040512041200.GA20232@gadek.homelinux.org> <[🔎] 40A90483.8020008@watson.ibm.com> <1084882531.2373.129.camel@hovel.lepus.org> <40AA09A1.8060802@watson.ibm.com> <[🔎] 1084967626.2373.141.camel@hovel.lepus.org>

On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:

> In this case, this setgid-wrapper concept would work for *all* Java
> applications.  I'm still not sure if it will work for shell driven apps
> in general, but it sounds reasonable.  Security may be a concern, but I
> believe that a simple, well written setgid-wrapper program, that only
> runs programs listed in its (root-owned) configuration file should be at
> least as secure as cron or at.  We should be sure to borrow the
> configuration update logic from cron or at to make sure that we are
> modifying the file in a way that is both secure, and meets Debian
> project guidelines.  
> 
> Should I take the first crack at writing setguid-wrapper?  Should we
> pass the concept by Debian Security first?

I apparently missed the beginning of this thread; could you explain the
problem and your proposed solution?

-- 
 - mdz

Reply to:

References:
- ITA: filler - Simple game in Java
  - From: James Damour <jdamour@nycap.rr.com>
- Re: ITA: filler - Simple game in Java
  - From: Gunnar Wolf <gwolf@gwolf.cx>
- Re: ITA: filler - Simple game in Java
  - From: James Damour <jdamour@nycap.rr.com>
- Re: ITA: filler - Simple game in Java
  - From: "Grzegorz B. Prokopski" <gadek@debian.org>
- setgid-wrapper (was: Re: ITA: filler - Simple game in Java)
  - From: Steven Augart <augart@watson.ibm.com>
- Re: setgid-wrapper
  - From: James Damour <jdamour@nycap.rr.com>

Prev by Date: Re: Right way for calculating versioned dependencies?
Next by Date: Re: orphaning packages
Previous by thread: Re: setgid-wrapper
Next by thread: Re: setgid-wrapper
Index(es):
- Date
- Thread