Date: Wed, 3 Mar 2004 08:44:20 -0600
From: "Jacques A. Vidrine" <nectar@FreeBSD.org>
To: Will Andrews <will@csociety.org>
Cc: ports-committers@freebsd.org
Subject: Re: cvs commit: ports/audio/arts Makefile
Message-ID: <20040303144420.GB31654@madman.celabo.org>
In-Reply-To: <20040302175250.GL13724@sirius.firepipe.net>
References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <20040301212624.GF8957@lum.celabo.org> <200403020912.29657.michaelnottebrock@gmx.net> <20040302134752.GB678@lum.celabo.org> <20040302153831.GK13724@sirius.firepipe.net> <20040302175028.GC1377@lum.celabo.org> <20040302175250.GL13724@sirius.firepipe.net>
On Tue, Mar 02, 2004 at 12:52:50PM -0500, Will Andrews wrote:
> On Tue, Mar 02, 2004 at 11:50:29AM -0600, Jacques A. Vidrine wrote:
> > I have no intention. However, for ports that do not require the
> > set-user-ID bit in order to function (and this is demonstrably true
> > with arts), I would like not to install with set-user-ID by default.
>
> Then we disagree on the definition of "function". I do not think
> there is any reason to believe that the setuid bit on artswrapper
> is a threat to anybody. So let it be.

Yes, we disagree. I believe that artswrapper *could* be a threat, or I wouldn't be here.

As I said previously, I have witnessed several instances where other operating systems distributed packages that contained set-user-ID binaries, and it became a security issue. Because we (FreeBSD Project) are not so reckless, we distribute the exact same packages but without the set-user-ID bit set. Result: the other OSs have security bugs that we don't.

Of course, packages themselves sometimes appear to be coded correctly and safe, but due to library bugs or even kernel bugs can actually present a risk.

So hell yes I will push to eliminate unnecessary set-user-ID binaries in the ports system and in the base system. (Not my top priority--- it is just that seeing ports going the wrong way required interjection at this point.)

Feel free to argue about the definition of `function', but I have solid reasons to distrust set-user-ID binaries that are there just for bells and whistles (literally, in this case :-).

So, `function': it seems to me that there is a large subset of arts users who do not need a set-user-ID artswrapper.

The stock KDE code does not install artswrapper set-user-ID. The KDE site warns about the impact of using a set-user-ID artswrapper. Our ports collection has not installed it set-user-ID for years, and yet Google searches do not turn up many issues related to this.

Many ports depend on arts but will never run artswrapper/artsd (my own desktop machine--- KDE free--- has arts installed with 16 dependent ports). Others have reported here that problems with `clicks' and what not are not so common, and that many can be traced back ultimately not to the lack of a set-user-ID artswrapper but to deeper system issues.

Let's have our cake and eat it too. Make the set-user-ID optional, default off. Using the wrapper as a separate port makes things quite flexible: if you KDE guys are so adamant that KDE users MUST HAVE this set-user-ID program (despite evidence to the contrary), then fine: you guys go ahead and depend on the wrapper. Then as response time bugs are shaken out, it will be easy to revisit. Or if we grow a method of controlling real-time priority that doesn't require root, it will be a simple matter of `portupgrade artswrapper' for 5.x users.

Cheers,
-- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040303144420.GB31654>
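The practical check behind the argument above is knowing which set-user-ID binaries a ports tree or package set actually installs, and noticing when that set grows. The script below is an added example, not code from this thread, from the arts port or from FreeBSD's own periodic security scripts: it inventories set-user-ID and set-group-ID files under a prefix and diffs the result against a saved baseline, so a port that starts installing a setuid wrapper shows up as a "+" line on the next run. The prefix, the baseline path and the line format are illustrative assumptions; the default baseline location in the comment is an assumption too.

```sh
#!/bin/sh
# Added example (assumption: not the thread's or the project's own code).
# Inventory setuid/setgid files under a prefix and diff against a baseline.

LC_ALL=C; export LC_ALL   # stable collation so sort(1) and comm(1) agree

# list_setuid PREFIX
#   Prints one line per regular file under PREFIX that carries the setuid
#   or setgid bit: "path mode owner group", sorted so comm(1) can diff it.
#   (Paths containing whitespace would need a stat(1)-based variant; the
#   ls(1) column layout used here is the same on FreeBSD, Linux and macOS.)
list_setuid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -exec ls -ld {} + 2>/dev/null \
        | awk '{ print $NF, $1, $3, $4 }' | sort
}

# check_setuid PREFIX BASELINE
#   First run: records the current inventory in BASELINE and returns 0.
#   Later runs: prints entries that appeared ("+ ...") or vanished ("- ...")
#   since BASELINE was written, returning 1 if anything changed, else 0.
#   BASELINE is deliberately left untouched on a change, so a new setuid
#   binary keeps being reported until an operator reviews it and re-records.
check_setuid() {
    prefix=$1
    baseline=$2
    current=$(mktemp -t setuid.XXXXXX) || return 2
    list_setuid "$prefix" > "$current"
    if [ ! -f "$baseline" ]; then
        mv "$current" "$baseline"
        return 0
    fi
    new=$(comm -13 "$baseline" "$current")    # lines only in the current inventory
    gone=$(comm -23 "$baseline" "$current")   # lines only in the baseline
    rm -f "$current"
    if [ -z "$new" ] && [ -z "$gone" ]; then
        return 0
    fi
    [ -n "$new" ]  && printf '%s\n' "$new"  | sed 's/^/+ /'
    [ -n "$gone" ] && printf '%s\n' "$gone" | sed 's/^/- /'
    return 1
}

# Typical use from cron or periodic(8), paths assumed for illustration:
#   check_setuid /usr/local /var/db/setuid-baseline.txt
```

Run it once after a clean install to record the baseline, then nightly; a non-zero exit with a "+" line naming something like a freshly installed wrapper is exactly the signal this thread is about, and the operator decides whether that binary needs the bit or whether the port should drop it.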