From xemacs-m  Thu Apr  3 00:27:23 1997
Received: from altair.xemacs.org (steve@xemacs.miranova.com [206.190.83.19])
	by xemacs.org (8.8.5/8.8.5) with ESMTP id AAA07432
	for <xemacs-beta@xemacs.org>; Thu, 3 Apr 1997 00:27:22 -0600 (CST)
Received: (from steve@localhost)
	by altair.xemacs.org (8.8.5/8.8.5) id WAA06650;
	Wed, 2 Apr 1997 22:40:23 -0800
Mail-Copies-To: never
To: xemacs-beta@xemacs.org
Subject: Re: A security hole during XEmacs installation
References: <kig7mipznnu.fsf@jagor.srce.hr> 	<m2raguibri.fsf@altair.xemacs.org> 	<199704012241.OAA06912@newman> 	<m2u3lqtesy.fsf@altair.xemacs.org> 	<199704030117.RAA00359@wmperry.in.aventail.com> 	<rviv24slhj.fsf@sdnp5.ucsd.edu> <QQcjqd25103.199704030559@crystal.WonderWorks.COM> <rvhghoske2.fsf@sdnp5.ucsd.edu>
X-Url: http://www.miranova.com/%7Esteve/
X-Face: #!T9!#9s-3o8)*uHlX{Ug[xW7E7Wr!*L46-OxqMu\xz23v|R9q}lH?cRS{rCNe^'[`^sr5"
 f8*@r4ipO6Jl!:Ccq<xoV[Qz2u8<8-+Vwf2gzJ44lf_/y9OaQ`@#Q65{U4/TC)i2`~/M&QI$X>p:9I
 OSS'2{-)-4wBnVeg0S\O4Al@)uC[pD|+
X-Attribution: sb
From: Steven L Baur <steve@miranova.com>
In-Reply-To: David Moore's message of 02 Apr 1997 22:14:29 -0800
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=US-ASCII
Date: 02 Apr 1997 22:40:23 -0800
Message-ID: <m2afngtxrc.fsf@altair.xemacs.org>
Lines: 16
X-Mailer: Gnus v5.4.40/XEmacs 20.1(beta11)

David Moore <dmoore@ucsd.edu> writes:

> And I do note that most software when installed by root gets owned
> by root.

XEmacs should be installed by root, and have all files with executable
code owned by root.  I think with the advent of portable Unix virii
some months ago it's too dangerous to have binaries owned by anyone
other than root.[1]

Footnotes: 
[1]  Unless the installer insists on shooting himself or herself in
the foot.
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be billed at $250/message.

