
Re: A question on setting setuid bit



On Wed, Jul 05, 2006 at 04:02:43AM -0400, sean finney wrote:
>On Wed, Jul 05, 2006 at 04:39:12PM +1000, Matthew Palmer wrote:
>> dpkg-statoverride is a tool for the system administrator to specify a
>> different mode or ownership for a file to that which is provided in the
>> package.  It is not meant to be used by the package.
>
>there are cases where it's appropriate for a package to use it.  for
>example, if the package creates the user that is supposed to own a file,
>and later changes the ownership to that user in the maintscripts.  in
>this case it would be appropriate to use this tool to check if the
>local admin has overridden the permissions, and if so, keep the
>permissions respected.

There are two cases where shipping the binary with the correct ownership
or permission is not possible:

 * the user meant to own the files is dynamically created, or
 * the permissions for a file are a debconf option

In such cases it is necessary in the postinst to do:

    # Only apply the package defaults when no local override is registered.
    if ! dpkg-statoverride --list "$file" >/dev/null 2>&1
    then
        chown "$user:$group" "$file" # and/or
        chmod "$mode" "$file"
    fi

Which will only set the permissions if the local administrator has not
supplied other values.

Just looking at various postinst scripts now, I note that some packages
use dpkg-statoverride to apply the changes rather than chown/chmod.

Not quite sure of the rationale behind this.  In my opinion, setting
permissions via dpkg-statoverride should be limited to the local admin
only.

It also means that you need to remove the override in the postrm and
complicates the case where you wish to change the default values used.

In both cases you need to compare the values returned by --list and only
remove/change if those values match what was previously set by the
package.

Even with this test, there is *no way to be sure* that the override was
originally set by the package.  Could be that the administrator set the
override with those values to ensure they didn't change.

Summary for maintainer scripts:

 * Don't use chown/chmod without first testing dpkg-statoverride --list.
 * Don't use dpkg-statoverride to apply owner/group/mode changes.

--bod
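
An added example, not part of the original message and not Debian's own maintainer-script code: one way to do the comparison against `--list` output that the message describes for the postrm and changed-defaults cases. The names `STATOVERRIDE`, `norm_mode` and `override_state` are hypothetical, and the code assumes `--list` prints one "user group mode path" line per override.

```shell
#!/bin/sh
# Added example: classify the current override for a file before a postrm
# removes it or a postinst changes the package's default values.
# STATOVERRIDE is a hypothetical hook so the check can be run against a stub.
STATOVERRIDE=${STATOVERRIDE:-dpkg-statoverride}

# Strip leading zeros so "0755" and "755" compare equal as strings
# (avoids shell arithmetic on data read from the override database).
norm_mode() {
    printf '%s\n' "${1#"${1%%[!0]*}"}"
}

# override_state FILE USER GROUP MODE
# Prints one of:
#   none     no override is registered for FILE
#   match    the override carries exactly USER GROUP MODE
#   differs  an override exists with other values; leave it alone
# "match" does not prove the package created the override: the administrator
# may have registered the same values on purpose.
override_state() {
    file=$1 want_user=$2 want_group=$3 want_mode=$(norm_mode "$4")
    # --list exits non-zero when no override matches the pattern.
    out=$("$STATOVERRIDE" --list "$file" 2>/dev/null) || { echo none; return 0; }
    state=none
    # Each line is "user group mode path"; --list takes a glob, so keep only
    # the line whose path is exactly FILE.
    while read -r cur_user cur_group cur_mode cur_path; do
        [ "$cur_path" = "$file" ] || continue
        if [ "$cur_user" = "$want_user" ] && [ "$cur_group" = "$want_group" ] &&
           [ "$(norm_mode "$cur_mode")" = "$want_mode" ]; then
            state=match
        else
            state=differs
        fi
    done <<EOF
$out
EOF
    echo "$state"
}
```

A maintainer script would act only on `match` and treat `differs` as the administrator's setting.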


