Re: Policy question
> On Mon, Feb 01, 1999 at 11:41:09PM +0000, Julian Gilbey wrote:
>
> > An example of a package which already does almost exactly the same is
> > the secure-su package, which diverts the standard su to
> > /bin/su.orig/su or something like that, making /bin/su.orig mode 700,
> > so that no one except for root has access to the non-enhanced version
> > of su. This seems to be acceptable. Maybe there is some way for the
> > listar program to be setuid root, and the first thing it does is to
>
> Several general rules apply here:
>
> * Never setuid unless you really have to.
> * If you setuid, never setuid to root unless you really, really, really
> have to.
>
> There are a number of security issues that become more and more important
> when you setuid to root, so I would not be in favor of doing such a thing.
Sounds wise.
Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey Email: J.D.Gilbey@qmw.ac.uk
Dept of Mathematical Sciences, Queen Mary & Westfield College,
Mile End Road, London E1 4NS, ENGLAND
-*- Finger jdg@goedel.maths.qmw.ac.uk for my PGP public key. -*-