On Fri, Jul 18, 2014 at 01:15:42AM +0200, Ludovic Court??s wrote:
     John Darrington <john@darrington.wattle.id.au> skribis:
     
     > On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Court??s wrote:
     >      
     >      The package itself cannot install things setuid (nothing can be setuid
     >      in the store), but there can be setuid programs in the system (see
     >      gnu/system.scm.)
     >      
     > I'm not sure that I understand that.  Maybe you can enlighten me sometime.o
     >
     > Should I add /bin/aegis here: ?
     >
     > (define %setuid-programs
     
     The package manager itself doesn???t help at all with setuid binaries.  It
     just doesn???t handle them.
     
     However, the OS does support it, via the ???setuid-programs??? field of
     ???operating-system??? declaration.  So, if the system administrator of a
     machine decides that it???s a good idea to have ???aegis??? setuid-root, then
     they add it to the ???setuid-programs??? field.
     
     The ???%setuid-programs??? variable you mention is just for *default* setuid
     programs.  We don???t want to add to many of them here, because that
     amounts to making installation of those packages compulsory.

I see (I think).  Could we at least arrange for a message to be emitted on 
package --install suggesting that the package be added to setuid-programs?
Aegis is useless without setuid-root.
     
J'

-- 
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.