Hi Cesar, On Wed, Aug 03, 2011 at 05:23:43AM +0200, Cesar Mauri wrote: > Thanks for your comments. I have (hopefully) addressed all the > issues you pointed out. I have uploaded an updated version to the > mentors site which appears to be lintian clean and pbuilds fine for > sid. See below for additional details. Thanks for your work! [...] > >or so and move the SUID bit setting including creating a > >group to postinst so that you limit the impact to an acceptable minimum. > >Having an open root access for everybody on a system is quite a bit > >too generous IMHO. > > I don't like also having a SUID binary but it is the only way I > found to raise the priority of the process. I've moved the "chmod" > to the postinst script but I couldn't create a group to setuid to > because the nice system call (see nice(2)) needs superuser > privileges. I seem to have not expressed my idea correctly: - Have your binary chmod 4750 - with uid 0 (thus the setUID) and - group "whateveryournewgroupname" In debian/postinst that would look like: chmod 4750 $BINARY chown 0:$GID $BINARY where $GID is the group id of the group you create in postinst. That will make sure it gets the UID 0 correctly so that nice(2) will work ok and also will make sure that only users of the group are allowed to execute it. Does that make sense for you? -- Best regards, Kilian
Attachment:
signature.asc
Description: Digital signature