Date: Tue, 2 Mar 2004 10:38:31 -0500
From: Will Andrews
To: "Jacques A. Vidrine"
cc: cvs-ports@freebsd.org
cc: cvs-all@freebsd.org
cc: Michael Nottebrock
cc: ports-committers@freebsd.org
Subject: Re: cvs commit: ports/audio/arts Makefile
Message-ID: <20040302153831.GK13724@sirius.firepipe.net>
In-Reply-To: <20040302134752.GB678@lum.celabo.org>
List-Id: CVS commit messages for the entire tree

On Tue, Mar 02, 2004 at 07:47:52AM -0600, Jacques A. Vidrine wrote:
> P.S. I don't mean to pick on this port in particular. I believe there
> are other ports that install set-user-ID binaries where it is not
> essential. I just haven't had a chance to make a sweep of the tree yet
> to identify them.

I agree with Michael - I'd rather have working software than a false
sense of security, when it comes to desktop software.

If you are going to push a "make all setuid bits optional" agenda, I
suggest coming up with a standard means of letting the administrator
specify their policy regarding those. You could also offer alternate
means of achieving the effect that set-id wrappers/programs intend with
their privileges.

Unfortunately, in arts' case, setpriority(2) is superuser-only. Perhaps
in FreeBSD 5, we should start implementing standard means of allowing
programs like artsd to call setpriority(2) without privileges, e.g.
through MAC.

Regards,
--
wca