
Re: user private groups and a src group



> [...much deleted...]

> * Zillions of directories (almost all, in fact) should have the setgid
> bit set.  This includes at least
>  - user home directories
>  - /usr/src
>  - The entire /usr/local tree (which should presumably be group src)

I really don't see why this is needed as a default part of the Debian
distribution.

What benefits does it give you which can't be achieved just by expecting
a little intelligence from the sysadmin and from the user?


If you guys who want to have it really need it, then why not develop a
package with the required patched binaries, and a shell script to change
all the directory permissions automagically.

That way, those of you who want this can have it, while those of us who
prefer the traditional and secure methods of group management can rest
easy.


> In fact, it might be easier to
>   find / -type d -print0 | xargs -0 chmod -R g+s
> and then fix up the exceptions by hand.  The only ones I can think of
> at the moment are /tmp and /var/tmp, though there may be others,
> especially belonging to some obscure packages.

This sounds horrendously insecure. /usr/bin is owned by root.root, for
example, and you want to have it setgid???? !

And to make it worse, you want to introduce such a drastic change just
weeks before the 1.0 release...that's nowhere near enough time to find
all the security holes which will be introduced and then patch them up.


As far as I am concerned, if this becomes a standard "feature" of Debian
then I am going to have to give up on Debian and start looking for
something else to install.  I don't have the time to spend fixing up
such a weirdo "solution" to a problem which doesn't even exist.
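
The directory-only setgid change discussed in this thread, as an added example that is not part of the original message: it works in a constructed temporary tree, applies g+s to directories only (the `-R` in the quoted command would also reach regular files), skips one exception directory, and counts the results so they can be reviewed. The function names and the tree layout are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Constructed sandbox only: nothing here touches the real root.

# Set the setgid bit on directories under $1, skipping any directory named $2
# (a stand-in for exceptions such as tmp). No -R: regular files are untouched.
apply_setgid_dirs() {
    find "$1" -type d -name "$2" -prune -o -type d -exec chmod g+s {} +
}

# Count directories / regular files under $1 that carry the setgid bit.
count_setgid_dirs()  { find "$1" -type d -perm -2000 | wc -l | tr -d ' '; }
count_setgid_files() { find "$1" -type f -perm -2000 | wc -l | tr -d ' '; }

# Numeric group id of a path, read from POSIX `ls -n` output.
gid_of() { ls -dn "$1" | awk '{print $4}'; }

# Build a small constructed tree and print its path.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/local/bin" "$root/usr/src" "$root/tmp"
    : > "$root/usr/local/bin/tool"
    chmod 755 "$root/usr/local/bin/tool"
    chmod -R g-s "$root"              # start clean even if TMPDIR is setgid
    echo "$root"
}

demo() {
    root=$(make_sandbox) || return 1
    apply_setgid_dirs "$root" tmp
    : > "$root/usr/src/newfile"       # created after the bit was set
    echo "setgid dirs:  $(count_setgid_dirs "$root")"
    echo "setgid files: $(count_setgid_files "$root")"
    echo "dir gid $(gid_of "$root/usr/src")," \
         "new file gid $(gid_of "$root/usr/src/newfile")"
    rm -rf "$root"
}

demo
```

On a directory the bit makes new entries take the directory's group; the file count staying at zero is what separates this from marking executables setgid.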




