Date: Wed, 3 Mar 2004 16:34:11 -0500 (EST) From: Wesley Morgan <morganw@chemikals.org> To: "Jacques A. Vidrine" <nectar@freebsd.org> Cc: Michael Nottebrock <michaelnottebrock@gmx.net> Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <20040303163111.L55861@volatile.chemikals.org> In-Reply-To: <20040303144420.GB31654@madman.celabo.org> References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <200403020912.29657.michaelnottebrock@gmx.net> <20040302153831.GK13724@sirius.firepipe.net> <20040302175250.GL13724@sirius.firepipe.net> <20040303144420.GB31654@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 3 Mar 2004, Jacques A. Vidrine wrote: > On Tue, Mar 02, 2004 at 12:52:50PM -0500, Will Andrews wrote: > > On Tue, Mar 02, 2004 at 11:50:29AM -0600, Jacques A. Vidrine wrote: > > > I have no intention. However, for ports that do not require the > > > set-user-ID bit in order to function (and this is demonstrably true > > > with arts), I would like not to install with set-user-ID by default. > > > > Then we disagree on the definition of "function". I do not think > > there is any reason to believe that the setuid bit on artswrapper > > is a threat to anybody. So let it be. > > Yes, we disagree. I believe that artswrapper *could* be a threat, or I > wouldn't be here. > > As I said previously, I have witnessed several instances where other > operating systems distributed packages that contained set-user-ID binaries, > and it became a security issue. Because we (FreeBSD Project) are not > so reckless, we distribute the exact same packages but without the > set-user-ID set. Result: The other OSs have security bugs that we > don't. IMO any port that wishes to install a suid binary by default should be required to get approval from the FreeBSD Security Team, and their decisions, not the port maintainers, be final in cases where it is optional. This in addition to any prominent warnings about suid binaries deemed necessary. -- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040303163111.L55861>