On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:
> In this case, this setgid-wrapper concept would work for *all* Java
> applications. I'm still not sure if it will work for shell driven apps
> in general, but it sounds reasonable. Security may be a concern, but I
> believe that a simple, well written setgid-wrapper program, that only
> runs programs listed in its (root-owned) configuration file should be at
> least as secure as cron or at. We should be sure to borrow the
> configuration update logic from cron or at to make sure that we are
> modifying the file in a way that is both secure, and meets Debian
> project guidelines.
> Should I take the first crack at writing setguid-wrapper? Should we
> pass the concept by Debian Security first?
I apparently missed the beginning of this thread; could you explain the
problem and your proposed solution?