| 1 |
On Saturday 17 May 2003 19:50, Martin Schlemmer wrote: |
| 2 |
> On Sat, 2003-05-17 at 15:48, Grant Goodyear wrote: |
| 3 |
> > > > > I'm adding a new local use flag for kde-base/arts: artswrappersuid. |
| 4 |
> > > > > It sets artswrapper suid root, which allows artsd (kde's sound |
| 5 |
> > > > > server) to run with realtime priority and avoid skips and clicks, |
| 6 |
> > > > > but it's a security hazard, so it's off by default. |
| 7 |
> > |
| 8 |
> > If we're going to go the USE flag route, how about a generic "suid" |
| 9 |
> > flag, then, instead of a local USE flag. I know this issue either |
| 10 |
> > can or does occur for more than one package. |
| 11 |
> |
| 12 |
> Does make sense, as adding support for one package will bring request |
| 13 |
> for the others we do not suid by default. |
| 14 |
|
| 15 |
Well, security isn't my home turf, so since everyone thinks a global flag is |
| 16 |
OK, I won't object :-) (Spider already replied to me privately suggesting the |
| 17 |
same thing, but then seemed to change his mind, or maybe I just misunderstood |
| 18 |
him. Anyhow, what do other people think, in particular our security people?.) |
| 19 |
|
| 20 |
Just that as I said to him, it would have to be on by default and |
| 21 |
defined as: "Turn off this flag to enable highly insecure default |
| 22 |
configurations for the sake of performance - for fully trusted environments |
| 23 |
only". That could even be a global "security" flag, not just "suid". But it's |
| 24 |
ok with me either way. Opinions? |
| 25 |
|
| 26 |
-- |
| 27 |
Dan Armak |
| 28 |
Gentoo Linux developer (KDE) |
| 29 |
Matan, Israel |
| 30 |
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key |
Archives