On Tue January 29 2008 3:16:24 pm Moritz Muehlenhoff wrote: > Scope of this proposal > ====================== > > The target for Lenny is to enable these features in all applications > with potential security impact, specifically: > > - Your application is written in C / C++ > - If your package was subject to a DSA in the recent years > - If your package parses files from untrusted sources > - If your package communicates over a network
I am very glad to see what you have been proposing so far. This is a great start. However, I am concerned that is appears to be limited in scope to packages that: * Are written in C or C++ * Can have hardening achieved through technical changes to the build process I think it is important to remember that other languages can have security problems too, perhaps just as easy as these (shell). Also there seems to be a bloat recently of the number of daemons running on the average Debian system. It seems to be just about impossible to have a desktop with sid without having avahi, dbus, hal, etc, etc, etc. running. How secure do we feel about all of this? I notice, for instance, that the latest cups requires avahi. Can we build it without that and install it without that by default for those that don't need it, to eliminate Yet Another Daemon? -- John -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]