1 |
On Saturday 17 May 2003 19:50, Martin Schlemmer wrote: |
2 |
> On Sat, 2003-05-17 at 15:48, Grant Goodyear wrote: |
3 |
> > > > > I'm adding a new local use flag for kde-base/arts: artswrappersuid. |
4 |
> > > > > It sets artswrapper suid root, which allows artsd (kde's sound |
5 |
> > > > > server) to run with realtime priority and avoid skips and clicks, |
6 |
> > > > > but it's a security hazard, so it's off by default. |
7 |
> > |
8 |
> > If we're going to go the USE flag route, how about a generic "suid" |
9 |
> > flag, then, instead of a local USE flag. I know this issue either |
10 |
> > can or does occur for more than one package. |
11 |
> |
12 |
> Does make sense, as adding support for one package will bring request |
13 |
> for the others we do not suid by default. |
14 |
|
15 |
Well, security isn't my home turf, so since everyone thinks a global flag is |
16 |
OK, I won't object :-) (Spider already replied to me privately suggesting the |
17 |
same thing, but then seemed to change his mind, or maybe I just misunderstood |
18 |
him. Anyhow, what do other people think, in particular our security people?.) |
19 |
|
20 |
Just that as I said to him, it would have to be on by default and |
21 |
defined as: "Turn off this flag to enable highly insecure default |
22 |
configurations for the sake of performance - for fully trusted environments |
23 |
only". That could even be a global "security" flag, not just "suid". But it's |
24 |
ok with me either way. Opinions? |
25 |
|
26 |
-- |
27 |
Dan Armak |
28 |
Gentoo Linux developer (KDE) |
29 |
Matan, Israel |
30 |
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key |