Bug#484841: Should /usr/local be writable by group staff?
Package: tech-ctte
Severity: normal
This is a delegation of the resolution of Bug#299007 to the Technical
Committee under points 1 and 3 of section 6.1 of the Constitution. As
Policy delegate, I am not comfortable making a final decision either
way on this bug and ask that the tech-ctte please make a binding
decision.
The dispute is over the following text in Debian Policy:
The `/usr/local' directory itself and all the subdirectories created
by the package should (by default) have permissions 2775
(group-writable and set-group-id) and be owned by `root.staff'.
The proposed change is to state instead that the /usr/local directory
itself and all the subdirectories created by the package should (by
default) have permissions 755 and be owned by root:root.
The contention in this proposal is that the current Policy-mandated
behavior represents a potential security vulnerability since it allows
elevation of a compromise of group staff to a root compromise since
/usr/local/bin is in root's default path. The counter-contention is that
the staff group is empty by default and it is up to the local system
administrator to extend that privilege in a way consistent with the local
site security policy.
https://launchpad.net/bugs/13795 is the corresponding Ubuntu bug.
According to that bug log, Ubuntu has chosen to diverge from Debian on
this point.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Reply to: