Re: SVGAlib suid binaries?

[Joe Drew <hoserhead@woot.net>]

On Mon, Oct 25, 1999 at 11:27:32PM +0200, Goswin Brederlow wrote:
> > Instead of this, though, which could be a problem, I included a script, based
> > on one in gnuplot, which will configure the suid bit-ness of lsdoom, the svgalib
> > executable.
> 
> Hmm, I might file a bug against that. Interactive installation realy
> sucks and it will bann lsdoom from my demo-fs packages as a possible
> game to include. Patching it back to noninteractive is work. :(

It's no problem to make it non-interactive, or default to SUID, but
IMHO that's far worse a bug than asking the user what they want in the
beginning. LxDoom is a /game/, and as such making it run as root
could leave a system wide open.

> If you have two binaries, make the svga setuid by default. Noone will
> install it to not let the users use it.

This is true; a large **WARNING** on postinst (no prompting though) could
be enough. (Along with a note in the package description.) I'll see what
the reaction to the initial package is, though.