[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: eviacam

Hi Cesar,

On Wed, Aug 03, 2011 at 05:23:43AM +0200, Cesar Mauri wrote:
> Thanks for your comments. I have (hopefully) addressed all the
> issues you pointed out. I have uploaded an updated version to the
> mentors site which appears to be lintian clean and pbuilds fine for
> sid. See below for additional details.

Thanks for your work!

> >or so and move the SUID bit setting including creating a
> >group to postinst so that you limit the impact to an acceptable minimum.
> >Having an open root access for everybody on a system is quite a bit
> >too generous IMHO.
> I don't like also having a SUID binary but it is the only way I
> found to raise the priority of the process. I've moved the "chmod"
> to the postinst script but I couldn't create a group to setuid to
> because the nice system call (see nice(2)) needs superuser
> privileges.

I seem to have not expressed my idea correctly:
- Have your binary chmod 4750
- with uid 0 (thus the setUID) and 
- group "whateveryournewgroupname"

In debian/postinst that would look like:
chmod 4750 $BINARY
chown 0:$GID $BINARY

where $GID is the group id of the group you create in postinst.

That will make sure it gets the UID 0 correctly so that nice(2) will work ok
and also will make sure that only users of the group are allowed to execute

Does that make sense for you?

Best regards,

Attachment: signature.asc
Description: Digital signature

Reply to: