Re: Excessive root usage in Debian

To: Joey Hess <joey@kitenet.net>
Cc: debian-devel@lists.debian.org
Subject: Re: Excessive root usage in Debian
From: John Goerzen <jgoerzen@complete.org>
Date: 19 Oct 1999 13:05:57 -0500
Message-id: <[🔎] 873dv76xa2.fsf@erwin.complete.org>
In-reply-to: Joey Hess's message of "Mon, 11 Oct 1999 17:16:59 -0700"
References: <[🔎] 87wvst8pv4.fsf@erwin.complete.org> <[🔎] 19991011171659.E3953@kitenet.net>

You are forgetting the case in which a program runs as root but may
have a bug that can cause damage even if not actively trying to be
exploited.


Joey Hess <joey@kitenet.net> writes:

> There's very little point in auditing programs that run as root unless they
> 
> a) Take input form some source a non-root user might control.
> or
> b) Can be started as root by a non-root user.
> 
> AFIAK neither a or b is true of m4 or makemap or sendmailconfig, or
> update-menus for that matter (though you have a point aboutr resource limits).
> 
> -- 
> see shy jo
> 

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 1,117,818th digit of pi is 5.

Reply to:

References:
- Excessive root usage in Debian
  - From: John Goerzen <jgoerzen@complete.org>
- Re: Excessive root usage in Debian
  - From: Joey Hess <joey@kitenet.net>

Prev by Date: Re: perhaps sort by priority?
Next by Date: Re: Poor failure recovery
Previous by thread: Re: Excessive root usage in Debian
Next by thread: Re: Excessive root usage in Debian
Index(es):
- Date
- Thread