Date: Tue, 2 Mar 2004 16:11:47 +0000
From: Eivind Eklund
To: "Brian F. Feldman"
Message-ID: <20040302161147.GK27008@FreeBSD.org>
References: <20040302153831.GK13724@sirius.firepipe.net> <200403021553.i22Frvhr030302@green.homeunix.org>
In-Reply-To: <200403021553.i22Frvhr030302@green.homeunix.org>
cc: "Jacques A. Vidrine"
cc: Michael Nottebrock
cc: Will Andrews
cc: ports-committers@FreeBSD.org
cc: cvs-all@FreeBSD.org
cc: cvs-ports@FreeBSD.org
Subject: Re: cvs commit: ports/audio/arts Makefile

On Tue, Mar 02, 2004 at 10:53:57AM -0500, Brian F. Feldman wrote:
> Will Andrews wrote:
> > On Tue, Mar 02, 2004 at 07:47:52AM -0600, Jacques A. Vidrine wrote:
> > > P.S. I don't mean to pick on this port in particular. I believe there
> > > are other ports that install set-user-ID binaries where it is not
> > > essential. I just haven't had a chance to make a sweep of the tree yet
> > > to identify them.
> >
> > I agree with Michael - I'd rather have working software than
> > a false sense of security, when it comes to desktop software.
> >
> > If you are going to push a "make all setuid bits optional"
> > agenda, I suggest coming up with a standard means of letting the
> > administrator specify their policy regarding those. You could
> > also offer alternate means of achieving the effect that set-id
> > wrappers/programs intend with their privileges.
> >
> > Unfortunately, in arts' case, setpriority(2) is superuser-only.
> > Perhaps in FreeBSD 5, we should start implementing standard means
> > of allowing programs like artsd to call setpriority(2) without
> > privileges, e.g. through MAC.
>
> Is it setpriority(2) or rtprio(2)? The latter was implied,

It's sched_setscheduler(). I think it sets up a real time scheduler (it
looks like it), but the man page is not clear, and I'm not familiar with
it from before.

> and it is NOT acceptable to have ports use rtprio(2) without consent
> from the system administrator -- and not implicit consent, either.

It is unacceptable to have our desktop systems not work properly.
Desktop users are where we recruit a large fraction of our developers.

I think that the change in question looks safe (I've reviewed the
wrapper in question - the only two things that I'd have done differently
are to move a printf to after dropping privileges, and just do a forced
drop of privileges instead of testing to see if it is necessary).

I also think that wanting to have the users give explicit OK is a worthy
goal - but this HAS to be doable globally, and it HAS to be obvious to
the users. Perhaps a wrapper-wrapper would be the solution. Barring
that, I think that we should just review the wrappers really carefully
and keep the setuid bits.

Eivind.
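
The two review points in the message above (print only after dropping privileges, and drop them unconditionally rather than testing whether a drop is needed), sketched as an added example. It is not the arts wrapper or code from this thread, and the target path `./realtime-daemon` and both function names are hypothetical.

```c
/* Added example: skeleton of a setuid-root wrapper. Names are hypothetical. */
#include <sched.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* The only privileged step: ask for the lowest real-time FIFO priority.
 * Returns 0 on success, -1 on failure. Prints nothing, since we may be root. */
int request_realtime(void)
{
    struct sched_param sp;
    int prio = sched_get_priority_min(SCHED_FIFO);
    if (prio == -1)
        return -1;
    sp.sched_priority = prio;
    return sched_setscheduler(0, SCHED_FIFO, &sp);
}

/* Drop to the invoking user unconditionally (no "is it necessary?" test).
 * Group first: setgid() needs the root euid that setuid() throws away. */
int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop is permanent: a non-root caller must not regain root. */
    if (ruid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    if (getuid() != geteuid() || getgid() != getegid())
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    int rt = request_realtime();
    (void)argc;
    if (drop_privileges() != 0)
        _exit(1);                     /* never continue while privileged */
    /* Diagnostics come after the drop, so no stdio code runs as root. */
    if (rt != 0)
        fprintf(stderr, "warning: real-time scheduling not granted\n");
    execv("./realtime-daemon", argv); /* hypothetical target; policy survives exec */
    perror("execv");
    return 1;
}
```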