[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: Re: [gentoo-dev] [SECURITY] Minimizing the suid usage
From: "Alon Bar-Lev" <alonbl () gentoo ! org>
Date: 2008-03-24 13:55:48
Message-ID: 9e0cf0bf0803240655g6f0ab2dbh3782fd63222287b8 () mail ! gmail ! com
[Download RAW message or body]
On 3/24/08, Mike Frysinger <vapier@gentoo.org> wrote:
> how much do we want to help the user ? if they have USE=filecaps, then dont
> perform any checking ? we'll need a kernel with file capabilities turned on,
> otherwise the prog wont work unless it's setuid ... so do we perform checking
> and drop the setuid bit on the post sly ? i'd prefer we just make the
> filecaps desc verbose: dont set this unless you have new enough kernel with
> options enabled, otherwise things may stop working properly as non-root.
I also prefer descriptive warning and not runtime checks. Worse case
scenario, system will be usable for root only. root can remove this
USE flag and emerge --update --deep --newuse world.
Alon.
--
gentoo-dev@lists.gentoo.org mailing list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic