Subject: Re: Removing dm(1)
To: Peter Seebach <seebs@herd.plethora.net>
From: Scott Reynolds <scottr@Plexus.COM>
List: current-users
Date: 11/18/1997 14:02:52
On Tue, 18 Nov 1997, Peter Seebach wrote:
> Yeah. I think dm does something useful, in a multi-user system context,
> which is allow multiple users to share a game, and play it in a secure
> way....
well, dm isn't necessary for that. you could always make the individual
games setuid, for that, but dm's primary purpose is to regulate access to
the games.
> The security issue is worth looking at - would it be easier to just make
> the games that need to do this setuid games, and remove dm, so that
> games that aren't playing with score lists are safer?
easier? probably not much, as many of them still need a security sweep
anyway. it's a loss of functionality, though, which is objectionable.
there is at least one security issue existing in the current code. i
invite y'all to come up with an alternative to running dm(8) setuid,
but retain its function.
--scott