Subject: Re: proposed: /usr/src/usr.bin/tcfs/*, needs gdbm, some SUID programs
To: None <tech-userlevel@NetBSD.org>
From: David Young <dyoung@pobox.com>
List: tech-userlevel
Date: 08/19/2004 21:16:34

On Thu, Aug 19, 2004 at 10:13:12PM -0400, VaX#n8 wrote:
> 2) There's a fair number of SUID programs, and I haven't audited them for
> buffer overflows yet.  What to do about this?  I mean, obviously, they can't
> go into the source tree without being scrutinized, but... perhaps as non-SUID
> until such a time?  SUID Non-root pseudo-user?  What's the guideline?

What do the suid programs do?  Why do they need to be suid at all?

(It is my opinion that NetBSD should not be adding new suid programs
at all.)

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933