Date: Thu, 4 Mar 2004 17:00:02 -0600 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: Wesley Morgan <morganw@chemikals.org> Cc: Michael Nottebrock <michaelnottebrock@gmx.net> Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <20040304230002.GD19335@lum.celabo.org> In-Reply-To: <20040303163111.L55861@volatile.chemikals.org> References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <20040301212624.GF8957@lum.celabo.org> <200403020912.29657.michaelnottebrock@gmx.net> <20040302134752.GB678@lum.celabo.org> <20040302153831.GK13724@sirius.firepipe.net> <20040302175028.GC1377@lum.celabo.org> <20040302175250.GL13724@sirius.firepipe.net> <20040303144420.GB31654@madman.celabo.org> <20040303163111.L55861@volatile.chemikals.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Mar 03, 2004 at 04:34:11PM -0500, Wesley Morgan wrote: > IMO any port that wishes to install a suid binary by default should be > required to get approval from the FreeBSD Security Team, and their > decisions, not the port maintainers, be final in cases where it is > optional. This in addition to any prominent warnings about suid binaries > deemed necessary. Well, I'd just be happy to hear from ports maintainers at security-team@ or even freebsd-security@. I think there is a lot of room for fruitful discussion in this area, not in the least regarding the appropriate mechanism to use to implement such `options'. I will be very happy to see what Michael comes up with for artswrappers, and for myself I intend to investigate various X11-related bits that were brought up previously. After we see what is good for a few test cases, then maybe we would be ready to add some guidelines to the Porter's Handbook about handling ports with set-user-ID bits. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040304230002.GD19335>