Gentoo Archives: gentoo-dev

From: Dan Armak <danarmak@g.o>
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] New local use flag for arts: artswrappersuid
Date: Sat, 17 May 2003 18:50:58
In Reply to: Re: [gentoo-dev] New local use flag for arts: artswrappersuid by Martin Schlemmer
On Saturday 17 May 2003 19:50, Martin Schlemmer wrote:
> On Sat, 2003-05-17 at 15:48, Grant Goodyear wrote:
> > > > > I'm adding a new local use flag for kde-base/arts: artswrappersuid.
> > > > > It sets artswrapper suid root, which allows artsd (kde's sound
> > > > > server) to run with realtime priority and avoid skips and clicks,
> > > > > but it's a security hazard, so it's off by default.
> >
> > If we're going to go the USE flag route, how about a generic "suid"
> > flag, then, instead of a local USE flag. I know this issue either
> > can or does occur for more than one package.
>
> Does make sense, as adding support for one package will bring request
> for the others we do not suid by default.

Well, security isn't my home turf, so since everyone thinks a global flag is OK, I won't object :-) (Spider already replied to me privately suggesting the same thing, but then seemed to change his mind, or maybe I just misunderstood him. Anyhow, what do other people think, in particular our security people?)

Just that as I said to him, it would have to be on by default and defined as: "Turn off this flag to enable highly insecure default configurations for the sake of performance - for fully trusted environments only". That could even be a global "security" flag, not just "suid". But it's ok with me either way.

Opinions?

--
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
Public GPG key: