Date: Tue, 2 Mar 2004 11:55:12 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Eivind Eklund <eivind@FreeBSD.org>
Cc: Michael Nottebrock <michaelnottebrock@gmx.net>
Subject: Re: cvs commit: ports/audio/arts Makefile
Message-ID: <20040302175511.GD1377@lum.celabo.org>
In-Reply-To: <20040302161147.GK27008@FreeBSD.org>
References: <20040302153831.GK13724@sirius.firepipe.net> <200403021553.i22Frvhr030302@green.homeunix.org> <20040302161147.GK27008@FreeBSD.org>
On Tue, Mar 02, 2004 at 04:11:47PM +0000, Eivind Eklund wrote:
> It is unacceptable to have our desktop systems not work properly.
> Desktop users is where we recruit a large fraction of our developers.
>
> I think that the change in question looks safe (I've reviewed the
> wrapper in question - the only two things that I'd have done differently
> is move a printf to after dropping privileges, and just do a forced drop
> of privileges instead of testing to see if it is necessary). I also
> think that wanting to have the users give explicit OK is a worthy goal -
> but this HAS to be doable globally, and it HAS to be obvious to the
> users. Perhaps a wrapper-wrapper would be the solution.
>
> Barring that, I think that we should just review the wrappers really
> carefully and keep the setuid bits.

arts is used by more than just KDE, and artsd isn't needed in many
cases (much less a set-user-ID artswrapper). We should not be
installing another set-user-ID binary that would only ever be used in
attempted privilege escalation.

arts has been fine with no set-user-ID; it is trivial to make
set-user-IDness an option; it is trivial to accommodate even the
package user that doesn't care about possible security issues.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
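
The two review points in the quoted text (drop privileges unconditionally rather than testing first, and produce no output until after the drop) look like this in a set-user-ID wrapper. This is an added example, not part of the thread and not artswrapper's code; the wrapper is hypothetical and `drop_privileges` is an assumed name.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Unconditionally and permanently drop to the invoking user's IDs.
 * Returns 0 on success, -1 if a step fails or the drop did not stick. */
int drop_privileges(void)
{
    uid_t ruid = getuid(), old_euid = geteuid();
    gid_t rgid = getgid(), old_egid = getegid();

    /* Group first: once the UID is gone we may no longer change GIDs. */
    if (setregid(rgid, rgid) != 0)
        return -1;
    /* No "if (geteuid() != getuid())" guard: always force the drop.
     * Setting the real ID as well makes the saved ID follow the new
     * effective ID, so the old one cannot be restored later. */
    if (setreuid(ruid, ruid) != 0)
        return -1;

    /* Verify instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    /* An unprivileged caller must not be able to regain the old IDs. */
    if (ruid != 0 && old_egid != rgid && setegid(old_egid) == 0)
        return -1;
    if (ruid != 0 && old_euid != ruid && seteuid(old_euid) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    /* The single privileged operation the wrapper exists for would go
     * here, with no stdio calls while still privileged. */

    if (drop_privileges() != 0)
        _exit(111);          /* fail closed, without printing anything */

    /* First output happens only now, with the caller's own privileges. */
    printf("%s: running as uid %ld\n",
           argc > 0 ? argv[0] : "wrapper", (long)getuid());
    return 0;
}
```
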