Re: Policy question

To: jgoerzen@complete.org (John Goerzen)
Cc: J.D.Gilbey@qmw.ac.uk, phouchg@cif.rochester.edu, debian-policy@lists.debian.org
Subject: Re: Policy question
From: jdg@maths.qmw.ac.uk (Julian Gilbey)
Date: Tue, 2 Feb 1999 01:12:09 +0000 (GMT)
Message-id: <[🔎] m107UNt-000ImxC@polya>
In-reply-to: <[🔎] 19990201182842.B1950@complete.org> from John Goerzen at "Feb 1, 1999 6:28:42 pm"

> On Mon, Feb 01, 1999 at 11:41:09PM +0000, Julian Gilbey wrote:
> 
> > An example of a package which already does almost exactly the same is
> > the secure-su package, which diverts the standard su to
> > /bin/su.orig/su or something like that, making /bin/su.orig mode 700,
> > so that noone except for root has access to the non-enhanced version
> > of su.  This seems to be acceptable.  Maybe there is some way for the
> > listar program to be setuid root, and the first thing it does is to
> 
> Several general rules apply here:
> 
>  * Never setuid unless you really have to.
>  * If you setuid, never setuid to root unless you really, really, really
>    have to.
> 
> There are a number of security issues that become more and more important
> when you setuid to root, so I would not be in favor of doing such a thing.

Sounds wise.

   Julian

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

            Julian Gilbey             Email: J.D.Gilbey@qmw.ac.uk
       Dept of Mathematical Sciences, Queen Mary & Westfield College,
                  Mile End Road, London E1 4NS, ENGLAND
      -*- Finger jdg@goedel.maths.qmw.ac.uk for my PGP public key. -*-

Reply to:

References:
- Re: Policy question
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: Policy question
Next by Date: Re: Policy question
Previous by thread: Re: Policy question
Next by thread: Re: Policy question
Index(es):
- Date
- Thread