Re: Please proofread beep debconf template
Gerfried Fuchs quoted:
> _Choices: usable for all, usable for group audio, usable only for root
> _Description: Install beep as:
> beep must be run as root since it needs to access the speaker hardware.
> There are several possibilities to make the program usable: Either only
> for root (no suid bit at all), executable only by users of the group
> audio, or usable for all.
> .
> Since each program set as suid root can be a security risk this is not done
> by default. However, the program is quite small (~150 lines of code), so it
> is fairly easy to verify the safety of the code yourself, if you don't
> trust the package maintainer's judgement.
Well, it's all grammatical and intelligible, but it could do with
rephrasing. How about something more like this...
_Choices: usable for all, usable for group audio, usable only for root
_Description: Install beep as:
Since beep needs access to the speaker hardware, normal users will not be
able to use it unless the setuid bit is set. There are three options for its
permissions:
-rwsr-xr-x root:audio = setuid root for all users
-rwsr-xr-- root:audio = setuid root for members of the group "audio"
-rwxr-xr-x root:audio = non-setuid, and unusable for normal users
.
The third option is the default, since any program that grants elevated
privileges is a potential security risk. However, the program is quite small
(~150 lines of code), so it is fairly easy to verify the safety of the code
yourself, if you don't trust the package maintainer's judgement.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: