From: Samuli Suominen
Date: Sat, 28 Jan 2012 02:18:07 +0200
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] useless set*id binaries
Message-ID: <4F233EBF.8040504@gentoo.org>
In-Reply-To: <201201271914.45638.vapier@gentoo.org>

On 01/28/2012 02:14 AM, Mike Frysinger wrote:
> hmm, i wonder why mount.nfs is set*id. if we require everyone to use `mount`,
> there's no need for `mount.nfs` to be set*id. someone want to point out
> something obvious that i'm missing before i adjust the nfs-utils package ?
>
> along these lines, why is cdrtools set*id ? if we have a "cdrom" group, and
> we assign our cdroms/dvdroms to that group, then we already have access
> control in place and can skip the set*id.
> -mike

cdrtools can't probe the drives without the binary being setuid, or the user belonging to the 'disk' group (and even that is not enough in some cases if the permissions vary)