On Sat, May 17, 2003 at 09:49:32PM +0300, Dan Armak wrote:
Content-Description: signed data
> Well, security isn't my home turf, so since everyone thinks a global flag is 
> OK, I won't object :-) (Spider already replied to me privately suggesting the 
> same thing, but then seemed to change his mind, or maybe I just misunderstood 
> him. Anyhow, what do other people think, in particular our security people?.)
> 
> Just that as I said to him, it would have to be on by default and 
> defined as: "Turn off this flag to enable highly insecure default 
> configurations for the sake of performance - for fully trusted environments 
> only". That could even be a global "security" flag, not just "suid". But it's 
> ok with me either way. Opinions?

i dont like the idea of a global suid flag.

an alternative would be to implement this feature with sudo and have a
sudo-update script which creates an autogenerated script in a
path which is scanned prior to /usr/bin...

i am not sure how this script will be unmerged, but it could be ok if
sudo-update added the script to /var/db/pkg/*/*/CONTENTS....

This seems a little safer to me... but much more hassle of course.


-- 
torben Hohn
http://galan.sourceforge.net -- The graphical Audio language