On Wed, May 19, 2004 at 07:53:46AM -0400, James Damour wrote:
> In this case, this setgid-wrapper concept would work for *all* Java
> applications. I'm still not sure if it will work for shell driven apps
> in general, but it sounds reasonable. Security may be a concern, but I
> believe that a simple, well written setgid-wrapper program, that only
> runs programs listed in its (root-owned) configuration file should be at
> least as secure as cron or at. We should be sure to borrow the
> configuration update logic from cron or at to make sure that we are
> modifying the file in a way that is both secure, and meets Debian
> project guidelines.
>
> Should I take the first crack at writing setguid-wrapper? Should we
> pass the concept by Debian Security first?

I apparently missed the beginning of this thread; could you explain the
problem and your proposed solution?

-- 
 - mdz