Subject: Re: Removing dm(1)
To: None <tech-security@NetBSD.ORG>
From: Soren S. Jorvang <soren@t.dk>
List: tech-security
Date: 11/18/1997 21:12:12
On Tue, 18 Nov 1997, Jason Thorpe wrote:

> On Tue, 18 Nov 1997 08:54:43 -0800 (PST) 
>  Curt Sampson <cjs@portal.ca> wrote:
> 
>  > So I'm going to propose that we simplify life and remove dm(8).
>  > Does anyone have any objections to this?
> 
> Removing dm doesn't simplify anything.  You still have to fix the
> setuid usage (because games have to be setuid games anyhow), and
> you remove the functionality that dm provides.

It does not simplify the security problem, but it does removes a very
obsolete mechanism. Has anybody here actually used dm.conf within the last
n years?

It also seems to me that most (all?) of the games need no more than being
setgid games, as all they do (apart from the game stuff) is write score
files to /var/games . This would also lessen the impact of security holes
in the games.

While we are at the let's-remove-stuff game, would anybody miss the
'ingress' and 'falken' users from the initial master.passwd?


-- 
Soren