Date: Fri, 5 Mar 2004 00:58:50 +0100 From: Michael Nottebrock <michaelnottebrock@gmx.net> To: "Jacques A. Vidrine" <nectar@freebsd.org> Cc: cvs-ports@freebsd.org Subject: Re: cvs commit: ports/audio/arts Makefile Message-ID: <200403050058.54374.michaelnottebrock@gmx.net> In-Reply-To: <20040304230002.GD19335@lum.celabo.org> References: <200402072116.i17LGmkA007339@repoman.freebsd.org> <20040303163111.L55861@volatile.chemikals.org> <20040304230002.GD19335@lum.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Friday 05 March 2004 00:00, Jacques A. Vidrine wrote: > On Wed, Mar 03, 2004 at 04:34:11PM -0500, Wesley Morgan wrote: > > IMO any port that wishes to install a suid binary by default should be > > required to get approval from the FreeBSD Security Team, and their > > decisions, not the port maintainers, be final in cases where it is > > optional. The problem with that approach is that you cannot really trust a "security team" more than a port maintainer (or a port maintainer team). A member of the security team might be more competent than the port maintainer in some instances, in other instances it might be the other way around. Although I have been told before that I just don't understand security, I believe you can't achieve security by trusting in name tags. > > This in addition to any prominent warnings about suid binaries > > deemed necessary. Every port that installs binaries already warns you about them, automatically, and the daily security run from periodic scans for new setuid binaries as well. > I will be very happy to > see what Michael comes up with for artswrappers, and for myself I intend > to investigate various X11-related bits that were brought up previously. Artswrapper will be similar to x11/wrapper. -- ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAR8K+Xhc68WspdLARAv9hAJ0VsrdSG9Zsmr0z84S0TZawlYaH4gCfdU34 YGTAGVERRY4FYIiKwTCmvws= =po+Q -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403050058.54374.michaelnottebrock>