Release status update (or, Hoary and you)
George Farris
farrisg at mala.bc.ca
Mon Mar 7 16:58:10 CST 2005
On Tue, 2005-03-08 at 09:54 +1100, Nick Loeve wrote:
> > Since then I evaluated many of these root processes and minimized
> > their privileges to the absolutely required one. As a result, many
> > setuid root programs are now only setgid to a particular
> > application-specific group, and many processes now run as a dedicated
> > normal user (with some additional kernel capabilities in some cases).
> > This confines the potential impact of vulnerabilities to the process
> > itself, they cannot affect any other processes any more.
> >
> > In short, this greatly helps to improve proactive security.
> >
> > Already derooted apps:
> >
> > klogd
> > syslogd
> > cupsd
> > hald
> > ntpd
> > procmail
> > smbmount/smbumount
> > jackd
> > login
> > gpg/gnupg
> > hpoj
> > at
This is excellent news, nice work.
--
George Farris farrisg at mala.bc.ca
Malaspina University-College
As with the rail barons of the past:
There is no reason why the computer industry should have to put up
with 'private standards' any longer. The word 'incompatible' is a
dirty word. It's time to run those who insist on using it out of the
business.
More information about the ubuntu-devel
mailing list