On Sun, Apr 27, 2008 at 06:22:38PM +0200, Florian Weimer wrote:
> * Josselin Mouette:

> > Given that it seems unlikely that we obtain another solution, should we
> > start right now with that stuff?

> I think it's a bit foolish to abuse SGID bits to take away permissions.
> This kind of restriction is essentially a configuration option, and
> applying it to the wrong program may break tools like fakeroot. This
> information should not be stored under /usr.

> There has to be a cleaner solution, such as a sysctl that, when enabled,
> restricts ptrace to root.

... which will then be disabled on any system where a user needs to debug
any application, leaving everything vulnerable to ptrace attacks as before.

--
Steve Langasek
Debian Developer
Ubuntu Developer
http://www.debian.org/

Give me a lever long enough and a Free OS to set it on, and I can move the world.