Date: Mon, 24 Feb 1997 13:22:52 -0800 From: "Jordan K. Hubbard" <jkh@time.cdrom.com> To: Warner Losh <imp@village.org> Cc: Julian Elischer <julian@whistle.com>, Adrian Chadd <adrian@obiwan.aceonline.com.au>, Jake Hamby <jehamby@lightside.com>, hackers@freebsd.org, auditors@freebsd.org Subject: Re: disallow setuid root shells? Message-ID: <1735.856819372@time.cdrom.com> In-Reply-To: Your message of "Mon, 24 Feb 1997 14:16:12 MST." <E0vz7kq-00059M-00@rover.village.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> I think that I like this better. There are many people that use a > setuid/setgid shell program to allow access to other programs on the > system. At least this was true before sudo and friends. I could also live with this. I have thought a bit more about supporting the exit-on-suid shell hack, and I have to also agree with some of the folks who point out that it really *would* violate POLA and veer dangerously close to just breaking something in support of arbitrary principles rather than good engineering. Feh. This is clearly one of those issues with lots of pros-and-cons on either side. :-) How about if we be conservative and just add logging for now? :-) Jordan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1735.856819372>