On Mon, May 23, 2011 at 08:31, Ron Johnson <ron.l.john...@cox.net> wrote: >> Which the OS allows them, so I pass no blame on the Skype devs. >> > > My automobile allows me to drive w/o being buckled up. Do you blame the > manufacturer or do you blame me for driving w/o buckling up? >
Strawman. Your automobile is not charged with the responsibility to protect the safety of yourself or your passengers. In order to add that responsibility to the automobile, one would have to introduce new features. Conversely, the Linux kernel is charged with enforcing user privileges. The setuid feature is added on to override that enforcement. The setuid feature is dangerous, as you yourself brought up. It should be limited by either: 1) Disabled by default, and packages which use it should require special permission either at runtime or install (not at compile time). This should be enforced by the kernel. 2) Detailed logging. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/banlktimyjj1psqwl0-kdobvpzazy3nd...@mail.gmail.com
