[130] in linux-security and linux-alert archive
Re: "Find all the SUID programs." Fine. So which *should* be SUID?
daemon@ATHENA.MIT.EDU (Benedikt Stockebrand)
Mon Mar 13 00:39:17 1995
Date: Sun, 12 Mar 1995 22:37:31 +0100
From: Benedikt Stockebrand <benedikt@devnull.ping.de>
To: linux-security@tarsier.cv.nrao.edu
CC: linux-security@tarsier.cv.nrao.edu, linux-security@tarsier.cv.nrao.edu,
andy@distrib.com
In-reply-to: <Pine.LNX.3.91.950311232406.7090A-100000@touchstone.power.net> (message from Elias Levy on Sat, 11 Mar 1995 23:25:44 -0800 (PST))
Reply-To: linux-security@tarsier.cv.nrao.edu
On Sat, 11 Mar 1995 23:25:44 -0800 (PST), Elias Levy
<elias@power.net> wrote:
| On Sun, 12 Mar 1995, Benedikt Stockebrand wrote:
|
| > Coding the proper permissions inside the binaries. Make the program
| > check its own permissions upon startup and add an option like
| > "--check-own-permissions" to it.
| [ cut ]
| And just who decides what are the proper permissionsfor every diferent
| package? Thats the real problem.
Well, first of all the programmer of the package. This should work in
most cases and only leave the few difficult ones where package
interaction or such causes trouble. That's where the distributors
and/or local bin admins have to get in. But even if one package in
ten still caused such a problem this would already help a lot.
And finally, you could put some appropriate choices into the Makefiles
so even then you wouldn't have to do figure it all out from scratch.
Ben
-----------------------------------------------------------------------
Benedikt (Ben) Stockebrand (benedikt@devnull.ping.de) Dortmund, Germany
And don't tell me about Benedict Arnold anymore...
-----------------------------------------------------------------------
