Re: policy violation and bug reports. - some resolution?
On Fri, Feb 27, 1998 at 05:54:56PM +0100, Christian Schwarz wrote:
> On Wed, 25 Feb 1998, Adrian Bridgett wrote:
> > - make the program setuid in the .deb file. Additionally, put this in the
> > postinst:
>
> No, games should not be `setuid', but `setgid games' only.
Thinko. Aargh - I've deleted the message about SVGAlib games needing setuid
so I'm replying to this message instead. I thought that we were not shipping
them setuid for security reasons (which seems to be a Debian strong point).
It would be nice to have a "svgalib" group so that people could run the
games without either:
"su" to games
making the program setuid
I don't know how this would work (particularly with programs that can run
both in X-windows and in SVGAlib), but we could have a script that checked
to see if the current console was in X-windows or at the console. If it was
the console then only if the user was a member of the "svgalib" group would
the script run the program as root, otherwise it would just exit with an
error message. I've heard bad things about setuid scripts - maybe we need a
small C-program for this instead?
Adrian
email: adrian.bridgett@poboxes.com | Debian Linux - www.debian.org
http://www.poboxes.com/adrian.bridgett | Because bloated, unstable
PGP key available on public key servers | operating systems are from MS
Reply to: