Date: Tue, 02 Mar 2004 10:53:57 -0500 From: "Brian F. Feldman" <green@FreeBSD.org> To: Will Andrews <will@csociety.org> Cc: Michael Nottebrock <michaelnottebrock@gmx.net> Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <200403021553.i22Frvhr030302@green.homeunix.org> In-Reply-To: Message from Will Andrews <will@csociety.org> <20040302153831.GK13724@sirius.firepipe.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Will Andrews <will@csociety.org> wrote: > On Tue, Mar 02, 2004 at 07:47:52AM -0600, Jacques A. Vidrine wrote: > > P.S. I don't mean to pick on this port in particular. I believe there > > are other ports that install set-user-ID binaries where it is not > > essential. I just haven't had a chance to make a sweep of the tree yet > > to identify them. > > I agree with Michael - I'd rather have working software than > a false sense of security, when it comes to desktop software. > > If you are going to push a "make all setuid bits optional" > agenda, I suggest coming up with a standard means of letting the > administrator specify their policy regarding those. You could > also offer alternate means of achieving the effect that set-id > wrappers/programs intend with their privileges. > > Unfortunately, in arts' case, setpriority(2) is superuser-only. > Perhaps in FreeBSD 5, we should start implementing standard means > of allowing programs like artsd to call setpriority(2) without > privileges, e.g. through MAC. Is it setpriority(2) or rtprio(2)? The latter was implied, and it is NOT acceptable to have ports use rtprio(2) without consent from the system administrator -- and not implicit consent, either. -- Brian Fundakowski Feldman \'[ FreeBSD ]''''''''''\ <> green@FreeBSD.org \ The Power to Serve! \ Opinions expressed are my own. \,,,,,,,,,,,,,,,,,,,,,,\
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403021553.i22Frvhr030302>