On Mon, May 23, 2011 at 07:40, Ron Johnson <ron.l.john...@cox.net> wrote:
>>> I was thinking of setuid() magic.
>>
>> Again an OS issue,
>
> Insofar as the OS provides the feature.
>

Indeed, this really is a convenience-before-security feature that
reminds me of a certain prolific software vendor. Give me an hour or
two, I'd like to start a new thread on this because I really do think
that it is a problem that needs addressing sooner rather than later.



>>                   not a Skype issue.
>
> Yet, *if* Skype uses the function it's because Skype's programmers
> programmed Skype to use the function.
>

Which the OS allows them, so I pass no blame on the Skype devs.


>>                                       I agree that since root must
>> install Skype, and since root then owns Skype, the application might
>> setuid. But this is an OS feature, not a Skype feature. How is this
>> not a concern with any other closed-source application that one must
>> install? I could understand derailing the thread into a closed-source
>> vs. open-source debate, which while very productive would not address
>> the issue at hand.
>>
>
> It's a concern with *all* programs that need to stray from your little
> protected zone.
>

Indeed. I did find this application, but it seems to be far from adequate:
http://www.cims.nyu.edu/cgi-comment/info2html?%28cfengine-Tutorial%29The%2520setuid%2520log


-- 
Dotan Cohen

http://gibberish.co.il
http://what-is-what.com
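
The concern discussed in this thread, that a package installed by root can ship setuid binaries, can be checked after an install by comparing the setuid/setgid files on disk against a saved baseline. The script below is an added example, not part of the original message and not code from cfengine or Skype; the function names `list_privileged` and `new_privileged` and the baseline file layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: report setuid/setgid files that appeared since a baseline
# was recorded (for instance, before installing a package as root).
# Function names and the baseline format (one path per line) are hypothetical.

# list_privileged DIR
# Print, sorted, every regular file under DIR that carries the setuid (4000)
# or setgid (2000) bit. -xdev keeps the scan on one filesystem.
# Paths containing newlines are not handled.
list_privileged() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# new_privileged DIR BASELINE
# Print the files that are setuid/setgid now but are not listed in BASELINE.
# BASELINE must have been produced by list_privileged (same sort order).
new_privileged() {
    current=$(mktemp) || return 1
    list_privileged "$1" > "$current"
    # comm -13 keeps only the lines unique to the second file: the new entries.
    LC_ALL=C comm -13 "$2" "$current"
    rm -f "$current"
}

# Stand-alone use: sh script.sh DIR BASELINE
if [ "$#" -eq 2 ]; then
    new_privileged "$1" "$2"
fi
```

Record the baseline with `list_privileged /usr > baseline.txt` before the install and run the script with the same directory afterwards; any path it prints gained the setuid or setgid bit in between.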

