[577] in linux-security and linux-alert archive
Proposal: s[gu]id standards.
daemon@ATHENA.MIT.EDU (Bruce Murphy)
Sun Jan 28 13:15:12 1996
To: linux-security@tarsier.cv.nrao.edu
Reply-To: packrat@tartarus.uwa.edu.au
Date: Sun, 28 Jan 1996 17:02:55 +0800
From: Bruce Murphy <packrat@ratbox.rattus.uwa.edu.au>
It strikes me that an available standard on what programs should and
should not be suid could be useful.
Perhaps having a couple of standard configurations as linux can be
found both in a personal machine setting and as a multiuser box would
be advisable.
The creation of standard groups/users for things like games high score
tables and other functions that are currently suid root could be
helpful. Perhaps even allow programs that require /proc access to do
so a little more securely.
Obviously there is no need for this from the perspective security
aware users, but from the point of view of newer users, it would be
helpful both to have this as a widely available resource as well as
getting it incorporated (both in text and practice) into all the major
distributions.
They, after all, control the linux set-up and file structure that many
people use without modifications...
Cheers,
Bruce Murphy.
--
Packrat (BSc/BE;COSO;Wombat Admin)
Nihil illegitemi carborvndvm.
