| 1 |
On Sat, May 17, 2003 at 09:49:32PM +0300, Dan Armak wrote: |
| 2 |
Content-Description: signed data |
| 3 |
> Well, security isn't my home turf, so since everyone thinks a global flag is |
| 4 |
> OK, I won't object :-) (Spider already replied to me privately suggesting the |
| 5 |
> same thing, but then seemed to change his mind, or maybe I just misunderstood |
| 6 |
> him. Anyhow, what do other people think, in particular our security people?.) |
| 7 |
> |
| 8 |
> Just that as I said to him, it would have to be on by default and |
| 9 |
> defined as: "Turn off this flag to enable highly insecure default |
| 10 |
> configurations for the sake of performance - for fully trusted environments |
| 11 |
> only". That could even be a global "security" flag, not just "suid". But it's |
| 12 |
> ok with me either way. Opinions? |
| 13 |
|
| 14 |
i dont like the idea of a global suid flag. |
| 15 |
|
| 16 |
an alternative would be to implement this feature with sudo and have a |
| 17 |
sudo-update script which creates an autogenerated script in a |
| 18 |
path which is scanned prior to /usr/bin... |
| 19 |
|
| 20 |
i am not sure how this script will be unmerged, but it could be ok if |
| 21 |
sudo-update added the script to /var/db/pkg/*/*/CONTENTS.... |
| 22 |
|
| 23 |
This seems a little safer to me... but much more hassle of course. |
| 24 |
|
| 25 |
|
| 26 |
-- |
| 27 |
torben Hohn |
| 28 |
http://galan.sourceforge.net -- The graphical Audio language |
Archives