From: Dan Armak
Reply-To: danarmak@gentoo.org
Organization: Gentoo Technologies, Inc.
To: gentoo-dev@gentoo.org
Date: Sat, 17 May 2003 21:49:32 +0300
Subject: Re: [gentoo-dev] New local use flag for arts: artswrappersuid
Message-Id: <200305172149.37763.danarmak@gentoo.org>

On Saturday 17 May 2003 19:50, Martin Schlemmer wrote:
> On Sat, 2003-05-17 at 15:48, Grant Goodyear wrote:
> > > > > I'm adding a new local use flag for kde-base/arts: artswrappersuid.
> > > > > It sets artswrapper suid root, which allows artsd (kde's sound
> > > > > server) to run with realtime priority and avoid skips and clicks,
> > > > > but it's a security hazard, so it's off by default.
> >
> > If we're going to go the USE flag route, how about a generic "suid"
> > flag, then, instead of a local USE flag. I know this issue either
> > can or does occur for more than one package.
>
> Does make sense, as adding support for one package will bring requests
> for the others we do not suid by default.

Well, security isn't my home turf, so since everyone thinks a global flag is
OK, I won't object :-) (Spider already replied to me privately suggesting the
same thing, but then seemed to change his mind, or maybe I just misunderstood
him. Anyhow, what do other people think, in particular our security people?)

Just that as I said to him, it would have to be on by default and
defined as: "Turn off this flag to enable highly insecure default
configurations for the sake of performance - for fully trusted environments
only". That could even be a global "security" flag, not just "suid". But it's
ok with me either way.

Opinions?

-- 
Dan Armak
Gentoo Linux developer (KDE)
Matan, Israel
Public GPG key: http://cvs.gentoo.org/~danarmak/danarmak-gpg-public.key