Gentoo Archives: gentoo-dev

From: torbenh@×××.de
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] New local use flag for arts: artswrappersuid
Date: Sat, 17 May 2003 19:47:30
Message-Id: 20030517194721.GA18223@loco.wg.netz
In Reply to: Re: [gentoo-dev] New local use flag for arts: artswrappersuid by Dan Armak
On Sat, May 17, 2003 at 09:49:32PM +0300, Dan Armak wrote:
Content-Description: signed data
> Well, security isn't my home turf, so since everyone thinks a global flag is > OK, I won't object :-) (Spider already replied to me privately suggesting the > same thing, but then seemed to change his mind, or maybe I just misunderstood > him. Anyhow, what do other people think, in particular our security people?.) > > Just that as I said to him, it would have to be on by default and > defined as: "Turn off this flag to enable highly insecure default > configurations for the sake of performance - for fully trusted environments > only". That could even be a global "security" flag, not just "suid". But it's > ok with me either way. Opinions?
i dont like the idea of a global suid flag. an alternative would be to implement this feature with sudo and have a sudo-update script which creates an autogenerated script in a path which is scanned prior to /usr/bin... i am not sure how this script will be unmerged, but it could be ok if sudo-update added the script to /var/db/pkg/*/*/CONTENTS.... This seems a little safer to me... but much more hassle of course. -- torben Hohn -- The graphical Audio language