On Wed, Apr 30, 2008 at 10:46:29AM +0200, Martin Pitt wrote: > Josselin Mouette [2008-04-30 10:17 +0200]: > > This looks indeed like a reasonable alternative if we don't get the > > noptrace group ; it would be easy to patch gksu/gnome-keyring/... with > > the same stuff. > > I agree, and give the other possible attack scenarios it doesn't make > much sense to throw a lot of effort (with noptrace group, etc.) at it.
In that case I'm inclined to leave it alone since adding a new group to base-passwd really ought to involve converting it to debconf, and I haven't quite mustered the enthusiasm to take care of that yet. That said, if you decide you want to do it, having (say) a core PolicyKit package do 'addgroup --system noptrace' in its postinst would be fine as an interim measure; it doesn't *have* to be a global static group, and even if we eventually decide that we do want to turn it into one then that's not a problem. -- Colin Watson [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
