1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 12/31/2012 01:44 AM, Walter Dnes wrote: |
5 |
> Moving USE flags from local to global status is frequently discussed |
6 |
> here, so this seems to be the right forum to raise the issue... |
7 |
> |
8 |
> [d531][waltdnes][~] grep suid /usr/portage/profiles/use.desc |
9 |
> suid - Enable setuid root program, with potential security risks |
10 |
> |
11 |
> [d531][waltdnes][~] grep :suid /usr/portage/profiles/use.local.desc |
12 |
> net-analyzer/nagios-plugins:suid - Give root privileges to the ICMP, DHCP and IDE S.M.A.R.T. check binaries. This allows them to ignore the access controls that would disallow the nagios user from running the check. |
13 |
> net-wireless/kismet:suid - Install a setuid root helper binary with limited functionality; this allows running kismet as a normal user, significantly reducing security risks |
14 |
> |
15 |
Just because it's a global use flag doesn't mean you cannot redefine it |
16 |
locally to more specifically define the use case in a particular |
17 |
package. That's clearly what is done for kismet here, I have no desire |
18 |
to undefine it and make what happens less clear. |
19 |
|
20 |
- -Zero |
21 |
|
22 |
> BTW, I would've appreciated a headsup (news item) on Xorg getting the |
23 |
> "suid" USE flag. I use startx, and I couldn't start X <G>. Fortunately, |
24 |
> that was on my netbook, and I was able to Google the solution on my |
25 |
> desktop machine... http://en.spontex.org/forum/thread/561/1/ I'm |
26 |
> posting a heads up on the user list. |
27 |
> |
28 |
|
29 |
-----BEGIN PGP SIGNATURE----- |
30 |
Version: GnuPG v2.0.19 (GNU/Linux) |
31 |
Comment: Using GnuPG with undefined - http://www.enigmail.net/ |
32 |
|
33 |
iQIcBAEBAgAGBQJQ4dAuAAoJEKXdFCfdEflKJW0P/0uP17fkn9h+3n+OZTi4B74G |
34 |
wjQmGYZ1+uAKZwluUY/4BUR6l03f+ayqQATzxTQyuNjaf0LwHTVvWHCuC0HlrJM2 |
35 |
77dWCHE7d9SYDM1uUIyxJHFUtD1OOyrUcsC9+biHk2asVnhMhegR8wvS/iqyHxao |
36 |
TiWUjXGQk12jMrMg6cIs1UPprAutLFuDX+JQFoIPew18bFw6fUQVsIcxn3OwjPzQ |
37 |
roxDJ+sLmqrs5hZcZ2BhD13o40uZFe75UtshnGBhMseZ/HRCiCy9ABZiPpcQTy8f |
38 |
9APXR2APt00CT3rjo2I6iGfqHS09ZfNET9VfcoQZ0GlVuzWk9CxMwKC2tLJazmnz |
39 |
uY3dx/A86ej664mq2WyzTAqUZqcK3nnaENoH/YiNqjI49q3+m98twzD4rusUJG+n |
40 |
EjGCItcj6uRckV2KBE3dOpuooK8kUNLjAQ1+I4AtX8tZprCwkdgH48UINy19uBB0 |
41 |
hwdyeYFBXVPcuk9bMgB0yxnR62JkS/3Txcn1AyxktbsBsEIGmmJrPAuZMv2LIaDp |
42 |
U1vp/PC+49GbU4U3IIWXfuvdueQaZsiWhDDUUjRpeQ8dm+IxWfQcyBFHtW+DO17t |
43 |
nNsMNnpmE4721+sQJDa/l/rbca8UNK39pcmVcGjJ/KzkOr3F8Yj6eV7OWows2jNd |
44 |
3/OkrdiT/rUUsJy8ZQRs |
45 |
=E8id |
46 |
-----END PGP SIGNATURE----- |