Matt Zimmerman wrote:
> There are other solutions, including group membership, but it doesn't
> matter, because that is not what I am talking about. The fact is, many
> programs run with privileges that they do NOT require in order to function
> acceptably, or even fully, and I want to promote discussion in order to
> prevent that situation.
Just for example, I sat down and audited mooix's use of setuid and setgid bits the other day. When I started, mooix contained 3 interactive setuid root programs, 2 setuid helper programs with well-defined and very small user inputs, and one daemon that ran as root. When I finished, mooix contained 3 programs setuid and/or setgid to users and groups with limited permissions, 3 setuid helper programs, and one daemon that drops permissions to nobody after it's done with PAM. Overall 300 fewer lines of code run as root.

And better gains than this are possible in many other packages in debian.

-- 
see shy jo
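The daemon described above does its PAM work as root and then drops to nobody. Below is an added example of how such a permanent privilege drop is done correctly in C; it is not code from mooix or from the mail, and the account name "nobody" and the helper names are assumptions. The order matters (supplementary groups, then gid, then uid) and the result is verified, because a drop that silently half-succeeds is worse than one that fails loudly.

```c
/* Added example, not mooix code: permanently drop root privileges,
 * as a daemon would after finishing its PAM work. Plain POSIX. */
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

/* Drop to uid/gid for good. Returns 0 on success, -1 on failure.
 * Order: supplementary groups first (needs root), then the gid
 * (needs root), then the uid, which throws root away last. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0) {
        /* Only root can clear the supplementary group list; if it is
         * left alone the process keeps e.g. the root group it inherited. */
        if (setgroups(0, NULL) != 0)
            return -1;
    }
    if (setgid(gid) != 0)   /* sets real, effective and saved gid */
        return -1;
    if (setuid(uid) != 0)   /* sets real, effective and saved uid */
        return -1;

    /* Verify the drop is permanent: regaining uid 0 must now fail
     * (unless 0 was the target), and every id must be what we asked for. */
    if (uid != 0 && setuid(0) != -1)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Look up an account (e.g. "nobody", an assumed name) and drop to it.
 * Returns -1 if the account does not exist or the drop fails. */
int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    return drop_privileges(pw->pw_uid, pw->pw_gid);
}
```

A daemon would call drop_to_user("nobody") once, after PAM and before serving any client, and exit if it returns -1. Run as an unprivileged user, drop_privileges(getuid(), getgid()) is a no-op that still succeeds, so the check path can be exercised without root.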