Re: setuid/setgid binaries contained in the Debian repository.

To: debian-devel@lists.debian.org
Cc: debian-devel@lists.debian.org
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Adam Heath <doogie@debian.org>
Date: Fri, 1 Aug 2003 13:36:50 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.44.0308011335500.25610-100000@gradall.private.brainfood.com>
In-reply-to: <[🔎] 20030801182632.GP15502@alcor.net>

On Fri, 1 Aug 2003, Matt Zimmerman wrote:

> On Fri, Aug 01, 2003 at 08:20:40PM +0200, Josip Rodin wrote:
>
> > On Fri, Aug 01, 2003 at 02:15:26PM -0400, Matt Zimmerman wrote:
> > > it would be trivial to add lintian/linda warnings for this,
> >
> > There's already a warning for set[ug]id in Lintian.
>
> Ah, ok.  But the point was that it will miss many cases.  For example, I've
> never seen this warning in uml-utilities because it uses a
> dynamically-allocated gid and so must use chmod in postinst rather than
> setting permissions in the .deb.  If this could be done at build time rather
> than at install time, the check would be perfect.

Andrew Suffield and I have plans to get rid of dynamic user creation in
postinst, and chmod +s as well.

preinst will create the user(by calling adduser), then the setuid-ness in the
deb can be applied.  This invovles modifying dpkg-deb to read a list of
permission overrides.

See -policy.

Reply to:

References:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: Re: setuid/setgid binaries contained in the Debian repository.
Next by Date: Re: CUPS should be the default print service in Debian/Sarge
Previous by thread: Re: setuid/setgid binaries contained in the Debian repository.
Next by thread: Re: setuid/setgid binaries contained in the Debian repository.
Index(es):
- Date
- Thread