List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Sat, May 17, 2003 at 09:49:32PM +0300, Dan Armak wrote:
Content-Description: signed data
> Well, security isn't my home turf, so since everyone thinks a global flag is
> OK, I won't object :-) (Spider already replied to me privately suggesting the
> same thing, but then seemed to change his mind, or maybe I just misunderstood
> him. Anyhow, what do other people think, in particular our security people?.)
> Just that as I said to him, it would have to be on by default and
> defined as: "Turn off this flag to enable highly insecure default
> configurations for the sake of performance - for fully trusted environments
> only". That could even be a global "security" flag, not just "suid". But it's
> ok with me either way. Opinions?
i dont like the idea of a global suid flag.
an alternative would be to implement this feature with sudo and have a
sudo-update script which creates an autogenerated script in a
path which is scanned prior to /usr/bin...
i am not sure how this script will be unmerged, but it could be ok if
sudo-update added the script to /var/db/pkg/*/*/CONTENTS....
This seems a little safer to me... but much more hassle of course.
http://galan.sourceforge.net -- The graphical Audio language