Hi Martin, Martin Pitt wrote: > One easy solution that comes to my mind is to install those affected > programs setgid, and drop the additional group immediately after > program start with setgid(getgid()). For this we should introduce a > new static group into base-passwd, like "noptrace", to not abuse > existing groups and not confuse auditing tools.
excuse my ignorance, but is this the hack it sounds like? If so, I would not be exactly thrilled to see this sprinkled across the distribution unless it solves a severe problem and there are no alternatives of "doing things right", which I am not sure is the care here. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
