On 2008-05-17 11:32 +0200, Rico Secada wrote: > I am not saying that Debian isn't secure per say, but things like > removing SUID and SGID from files where they generally aren't needed as > default imho is better. If someone needs SUID then he has to set it.
That is already mandated by Debian policy, though not always implemented. If you spot an instance of a program being set suid or sgid unnecessarily, please file a bug report (after checking that it had not been reported already). In general, such problems are taken very seriously. For instance, the xfs font server got removed from testing because it unnecessarily runs as root, see bug #50859. Sven -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
