Subject: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs
To: None <tech-userlevel@NetBSD.org>
From: David Young <dyoung@pobox.com>
List: tech-userlevel
Date: 08/19/2004 21:16:34
On Thu, Aug 19, 2004 at 10:13:12PM -0400, VaX#n8 wrote:
> 2) There's a fair number of SUID programs, and I haven't audited them for
> buffer overflows yet. What to do about this? I mean, obviously, they can't
> go into the source tree without being scrutinized, but... perhaps as non-SUID
> until such a time? SUID Non-root pseudo-user? What's the guideline?
What do the suid programs do? Why do they need to be suid at all?
(It is my opinion that NetBSD should not be adding new suid programs
at all.)
Dave
--
David Young OJC Technologies
dyoung@ojctech.com Urbana, IL * (217) 278-3933