This is a follow up to the jackd/ dpkg-statoverride thread, and a
request for comment on the below. Once informally vetted here, I will
post to debiam-multimedia.
Input appreciated
Zen
---
Title: Audio Apps Mini Policy
Authors: Zenaan Harkness
Version: 0.1
Date: 2003-10-28
Applicability: Audio
On Tue, 2003-10-28 at 12:47, Steve Kemp wrote:
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
Audio applications or applets (ie. executable files) requiring realtime
privileges should be installed as follows:
- user = root
- group = audio
- permissions
- SUID
On Tue, Oct 28, 2003 at 02:11:47PM +0100, Andreas Metzler wrote:
Why read only for other? Given that they can't execute what is
presumably a compiled binary I'd treat them as untrusted and not allow
them to read it at all.
Why? Quoting policy because I can't reason better: They
On Tue, Oct 28, 2003 at 12:31:14PM -0500, Matt Zimmerman wrote:
[...]
I'm actually starting to wonder whether we should have a general facility
for these sorts of things. Having apps be setuid root and expecting them to
behave responsibility is asking for trouble; it would make much more
This is a follow up to the jackd/ dpkg-statoverride thread, and a
request for comment on the below. Once informally vetted here, I will
post to debiam-multimedia.
Input appreciated
Zen
---
Title: Audio Apps Mini Policy
Authors: Zenaan Harkness
Version: 0.1
Date: 2003-10-28
Applicability: Audio
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
Audio applications or applets (ie. executable files) requiring realtime
privileges should be installed as follows:
- user = root
- group = audio
- permissions
- SUID root
- have a debconf question asking to allow/
On Tue, 2003-10-28 at 12:47, Steve Kemp wrote:
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
Audio applications or applets (ie. executable files) requiring realtime
privileges should be installed as follows:
- user = root
- group = audio
- permissions
- SUID
On Tue, Oct 28, 2003 at 11:47:49AM +, Steve Kemp wrote:
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
Audio applications or applets (ie. executable files) requiring realtime
privileges should be installed as follows:
- user = root
- group = audio
-
On Tue, Oct 28, 2003 at 02:11:47PM +0100, Andreas Metzler wrote:
Why read only for other? Given that they can't execute what is
presumably a compiled binary I'd treat them as untrusted and not allow
them to read it at all.
Why? Quoting policy because I can't reason better: They
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
This is a follow up to the jackd/ dpkg-statoverride thread, and a
request for comment on the below. Once informally vetted here, I will
post to debiam-multimedia.
Input appreciated
Zen
---
Title: Audio Apps Mini Policy
On Tue, Oct 28, 2003 at 12:31:14PM -0500, Matt Zimmerman wrote:
[...]
I'm actually starting to wonder whether we should have a general facility
for these sorts of things. Having apps be setuid root and expecting them to
behave responsibility is asking for trouble; it would make much more
On Tue, Oct 28, 2003 at 06:45:08PM +0100, Andreas Metzler wrote:
Perhaps execcap(8) can be used as base for the general facility?
That sounds useful. For our purposes, though, it would need a setuid
wrapper in order to do the other work, and that program could probably just
as easily set the
On Tue, 2003-10-28 at 22:47, Steve Kemp wrote:
On Tue, Oct 28, 2003 at 09:43:07PM +1100, Zenaan Harkness wrote:
Audio applications or applets (ie. executable files) requiring realtime
privileges should be installed as follows:
- user = root
- group = audio
- permissions
- SUID
13 matches
Mail list logo