Date:      Wed, 14 May 1997 08:07:12 -0700
From:      "Jordan K. Hubbard" <jkh@time.cdrom.com>
To:        joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Cc:        current@FreeBSD.ORG
Subject:   Re: RELENG_2_2 
Message-ID:  <16305.863622432@time.cdrom.com>
In-Reply-To: Your message of "Wed, 14 May 1997 11:19:26 +0200." <19970514111926.DF34579@uriah.heep.sax.de>

> popper is _way_ smaller, basically intelligible, does not provide the
> usual dangerous interfaces of MUAs (like spawning shells etc.).  I can
> live with 10 poppers being setuid root, if this saves me from an MUA
> being set[ug]id at all.

Heh.  Small it may be, but you still only need the very smallest
security hole in a suid root program to give a cracker a very LARGE
degree of access to your system. :-) I think my point still stands,
and since nobody seems to be doing much in the way of hacking popper
to even fix its current degree of root dependence, small as it may be,
I'd say it's still obviously large enough to deter such work.

> Did he ever try to hire someone to fix this particular problem?

I don't know - I don't really try to get too involved in a vendor's
internal decisions any further than I need to in order to be
cooperative with them, and that's really what this is all about.  Any
short term "losses" in adding this group-write mechanism are, IMHO,
more than offset by the value of getting an industry standard desktop
for FreeBSD and I think that the trade is more than reasonable, which
is why I made it.

Seriously, this is not about me adding gratuitous features just for
the fun of calling down the email equivalent of lightning on my head -
I don't need that any more than the next guy - I'm simply trying to
implement what I feel is the far greater and more important strategy
of getting commercial software vendors to play ball with us, and by
doing so I've both accommodated CDE and sent the strong message to
other ISVs that we're willing to make concessions when necessary.  Am
I truly the only one to see the importance of this? ;-)

					Jordan


