cvs commit: ports/audio/arts Makefile
Michael Nottebrock
michaelnottebrock at gmx.net
Thu Mar 4 15:58:58 PST 2004
On Friday 05 March 2004 00:00, Jacques A. Vidrine wrote:
> On Wed, Mar 03, 2004 at 04:34:11PM -0500, Wesley Morgan wrote:
> > IMO any port that wishes to install a suid binary by default should be
> > required to get approval from the FreeBSD Security Team, and their
> > decisions, not the port maintainers, be final in cases where it is
> > optional.
The problem with that approach is that you cannot really trust a "security
team" more than a port maintainer (or a port maintainer team). A member of
the security team might be more competent than the port maintainer in some
instances, in other instances it might be the other way around. Although I
have been told before that I just don't understand security, I believe you
can't achieve security by trusting in name tags.
> > This in addition to any prominent warnings about suid binaries
> > deemed necessary.
Every port that installs binaries already warns you about them, automatically,
and the daily security run from periodic scans for new setuid binaries as
well.
> I will be very happy to
> see what Michael comes up with for artswrappers, and for myself I intend
> to investigate various X11-related bits that were brought up previously.
Artswrapper will be similar to x11/wrapper.
--
,_, | Michael Nottebrock | lofi at freebsd.org
(/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org
\u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: signature
Url : http://lists.freebsd.org/pipermail/cvs-ports/attachments/20040305/881b4eaa/attachment.bin
More information about the cvs-ports
mailing list