Subject: Re: Removing dm(1)
To: Soren S. Jorvang <email@example.com>
From: Curt Sampson <firstname.lastname@example.org>
Date: 11/18/1997 16:29:19
On Tue, 18 Nov 1997, Soren S. Jorvang wrote:
> It does not simplify the security problem, but it does removes a very
> obsolete mechanism. Has anybody here actually used dm.conf within the last
> n years?
It does to some degree. The fact that I can run fish and become
the games user is directly attributable to it being run by dm;
otherwise it would never run suid.
> It also seems to me that most (all?) of the games need no more than being
> setgid games, as all they do (apart from the game stuff) is write score
> files to /var/games . This would also lessen the impact of security holes
> in the games.
Yes, I think that this is an excellent idea.
> While we are at the let's-remove-stuff game, would anybody miss the
> 'ingress' and 'falken' users from the initial master.passwd?
Falken can go, I think; I doubt any of the young crackers these
days even understand the reference.
I still use ingres to own the postgres database stuff. It would be
nice to have standardised userids for the database owner, ftp, www,
and so on, but I don't know that the default password file is the
best place to store this information.
Curt Sampson email@example.com Info at http://www.portal.ca/
Internet Portal Services, Inc. Through infinite myst, software reverberates
Vancouver, BC (604) 257-9400 In code possess'd of invisible folly.