Re: dpkg-statoverride vs. suidmanager
Wichert Akkerman wrote:
> Argh, duh! Hmm. It looks like you need to see if any of the files
> listed in /etc/suid.conf matches with one in dpkg -L package.
> and take diversions into account as well. Or the maintainer will
> have to supply the list of files manually, in which case it becomes
> easier:
The maintainer basically just needs to provide the list of files that
were suidregistered before.
> check_num() {
> num=$1
> case "$num" in
> [0-9]*) num="#$num" ;;
> *) ;;
> esac
> echo $num
> }
>
> conf_overrides() {
> grep "^local\>" /etc/suid.conf | ( \
Actually, this may need to be grep -v "^$pkg\>" or something like that.
suid.conf(5) says to use "user", but actually any token that is not the
name of a package will work -- I accidentually used local in my
suid.conf.
> for f in "$@" ; do \
> while read spkg file user group mode ; do \
> if [ "$file" = "$f" ] ; then \
> dpkg-statoverride --add `check_num $user` `check_num $group` $mode $file ; \
> fi ; \
> done ; \
> suidunregister $file ; \
> done \
> )
> }
>
> conf_overrides /usr/X11R6/bin/xscreensaver
This feels slightly long to go into several thousand preinsts. Could we
put it in dpkg or something?
The numeric ID this is a PITA -- people shouldn't do it, and debhelper for
one, has not since 1998. I guess we need to support it though, sigh.
--
see shy jo
Reply to: