Re: Audio Apps Mini-Policy, v0.1

To: Steve Kemp <skx@debian.org>
Cc: debian-mentors@lists.debian.org
Subject: Re: Audio Apps Mini-Policy, v0.1
From: Vincent Danjean <Vincent.Danjean@labri.fr>
Date: Tue, 28 Oct 2003 13:36:12 +0100
Message-id: <[🔎] 1067344572.10983.7.camel@galadriel.labri.fr>
In-reply-to: <[🔎] 20031028114749.GA6529@steve.org.uk>
References: <[🔎] 1067337787.15081.280.camel@zen8100a> <[🔎] 20031028114749.GA6529@steve.org.uk>

On Tue, 2003-10-28 at 12:47, Steve Kemp wrote:
> On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
> 
> > Audio applications or applets (ie. executable files) requiring realtime
> > privileges should be installed as follows:
> >  - user = root
> >  - group = audio
> >  - permissions
> >    - SUID root
> >      - have a debconf question asking to allow/ deny this
> >      - [debconf question "importance level"??]
> >    - user = read, write, execute
> >    - group = read, execute
> >    - other = read only
> 
>   Why read only for other?  Given that they can't execute what is
>  presumably a compiled binary I'd treat them as untrusted and not allow
>  them to read it at all.

Because no more security is involved (one can download the packet and
extract the compiled binary or one can even recompile the binary from
sources (it is free software)).
For the same security level, it seems better to allow someone to read
the file than to forbid it. One can copy the file on it's own computer
and set the appropriate permission (assuming he is root on its own
computer). I've already done this.

Reply to:

References:
- Audio Apps Mini-Policy, v0.1
  - From: Zenaan Harkness <zen@iptaustralia.net>
- Re: Audio Apps Mini-Policy, v0.1
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: Audio Apps Mini-Policy, v0.1
Next by Date: Re: Audio Apps Mini-Policy, v0.1
Previous by thread: Re: Audio Apps Mini-Policy, v0.1
Next by thread: Re: Audio Apps Mini-Policy, v0.1
Index(es):
- Date
- Thread