On Saturday 17 May 2003 19:50, Martin Schlemmer wrote:
> On Sat, 2003-05-17 at 15:48, Grant Goodyear wrote:
> > > > > I'm adding a new local use flag for kde-base/arts: artswrappersuid.
> > > > > It sets artswrapper suid root, which allows artsd (kde's sound
> > > > > server) to run with realtime priority and avoid skips and clicks,
> > > > > but it's a security hazard, so it's off by default.
> >
> > If we're going to go the USE flag route, how about a generic "suid"
> > flag, then, instead of a local USE flag.  I know this issue either
> > can or does occur for more than one package.
>
> Does make sense, as adding support for one package will bring request
> for the others we do not suid by default.

Well, security isn't my home turf, so since everyone thinks a global flag is 
OK, I won't object :-) (Spider already replied to me privately suggesting the 
same thing, but then seemed to change his mind, or maybe I just misunderstood 
him. Anyhow, what do other people think, in particular our security people?.)

Just that as I said to him, it would have to be on by default and 
defined as: "Turn off this flag to enable highly insecure default 
configurations for the sake of performance - for fully trusted environments 
only". That could even be a global "security" flag, not just "suid". But it's 
ok with me either way. Opinions?

-- 
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key