On Tue, Apr 28, 1998 at 12:50:37PM -0500, Branden Robinson wrote:
> On Tue, Apr 28, 1998 at 04:50:45PM +0200, Thomas Roessler wrote:
> > First, the Debian Policy should be enhanced by a paragraph
> > on suid binaries. The policy should emphasize the least
> > privilege principle. It should require the use of
> > suidmanager when installing scripts suid root.
> >
> > Further, the policy should require maintainers to tag bug
> > reports about programs running suid root "critical". (You
> > may also consider to add an option to the bug program
> > which tags a bug report as a security problem, and thus
> > "critical". This is also interesting for network programs
> > which have security breaches and/or denial of service
> > vulnerabilities.)
I thought lintian already detects setuid binaries and needs
confirmation by the author that it needs to be setuser or
not.
Regards,
Joey
--
/ Martin Schulze * [EMAIL PROTECTED] * 26129 Oldenburg /
/ The good thing about standards is /
/ that there are so many to choose from. -- Andrew S. Tanenbaum /
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
