Date: Fri, 5 Mar 2004 00:58:50 +0100 From: Michael Nottebrock <michaelnottebrock@gmx.net> To: "Jacques A. Vidrine" <nectar@freebsd.org> Cc: cvs-ports@freebsd.org Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <200403050058.54374.michaelnottebrock@gmx.net> In-Reply-To: <20040304230002.GD19335@lum.celabo.org> References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <20040303163111.L55861@volatile.chemikals.org> <20040304230002.GD19335@lum.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--Boundary-02=_+K8RAxw7atW8DHp Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 05 March 2004 00:00, Jacques A. Vidrine wrote: > On Wed, Mar 03, 2004 at 04:34:11PM -0500, Wesley Morgan wrote: > > IMO any port that wishes to install a suid binary by default should be > > required to get approval from the FreeBSD Security Team, and their > > decisions, not the port maintainers, be final in cases where it is > > optional. The problem with that approach is that you cannot really trust a "security= =20 team" more than a port maintainer (or a port maintainer team). A member of= =20 the security team might be more competent than the port maintainer in some= =20 instances, in other instances it might be the other way around. Although I= =20 have been told before that I just don't understand security, I believe you= =20 can't achieve security by trusting in name tags. > > This in addition to any prominent warnings about suid binaries=20 > > deemed necessary. Every port that installs binaries already warns you about them, automatical= ly, =20 and the daily security run from periodic scans for new setuid binaries as=20 well. > I will be very happy to > see what Michael comes up with for artswrappers, and for myself I intend > to investigate various X11-related bits that were brought up previously. Artswrapper will be similar to x11/wrapper. =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --Boundary-02=_+K8RAxw7atW8DHp Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAR8K+Xhc68WspdLARAv9hAJ0VsrdSG9Zsmr0z84S0TZawlYaH4gCfdU34 YGTAGVERRY4FYIiKwTCmvws= =po+Q -----END PGP SIGNATURE----- --Boundary-02=_+K8RAxw7atW8DHp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403050058.54374.michaelnottebrock>