On Mon, May 23, 2011 at 06:29, Ron Johnson <ron.l.john...@cox.net> wrote: > I was thinking of setuid() magic. >
Again an OS issue, not a Skype issue. I agree that since root must install Skype, and since root then owns Skype, the application might setuid. But this is an OS feature, not a Skype feature. How is this not a concern with any other closed-source application that one must install? I could understand derailing the thread into a closed-source vs. open-source debate, which while very productive would not address the issue at hand. For that matter, though, I do agree that setuid is a security risk and not well mitigated. Maybe the issue needs to be dealt with already: how would you suggest changing the kernel behaviour to mitigate the risk? A warning or log entry each time an application uses setuid? At install, at runtime, or both? Something else? -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/BANLkTi=PH_xYuyHrHdC2fftbAZE6U-x=y...@mail.gmail.com
