Re: svgalib (restorefont) permissions

To: Debian developers list <debian-devel@Pixar.com>
Subject: Re: svgalib (restorefont) permissions
From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Date: Fri, 15 Mar 96 21:00 GMT
Message-id: <[🔎] m0txgc9-0002ZcC@chiark.chu.cam.ac.uk>
In-reply-to: <[🔎] cNi2NX4gnh@muskogee.elmail.co.uk>
References: <Pine.SUN.3.91.960313160917.23918A@logos.res.utc.com> <cNhRIp48L0@sfere.elmail.co.uk> <[🔎] m0txDmv-0002ZHC@chiark.chu.cam.ac.uk> <[🔎] cNi2NX4gnh@muskogee.elmail.co.uk>

Richard Kettlewell writes ("Re: svgalib (restorefont) permissions"):
> Ian Jackson writes:
...
> >You are aware, I take it, that if a local admin replaces the setuid
> >bit it will still be cleared at the next reinstallation ?
> 
> How about:
> 
> The postinst asks whether they should be setuid (with a pointer to a
> document explaining the implications of doing this) and record it in a
> newly invented config file, say /etc/vga/setuid.  If a postinst finds
> /etc/vga/setuid then it just follows what it finds there.

That sounds reasonable.

> When it's determined that the programs are secure they can be setuid
> everywhere, but for now I'd rather direct my efforts to making sure
> that the svgalib packages install well rather than auditing the code.

Quite.

Ian.

Reply to:

References:
- Re: svgalib (restorefont) permissions
  - From: Ian Jackson <ian@chiark.chu.cam.ac.uk>
- Re: svgalib (restorefont) permissions
  - From: Richard Kettlewell <richard@elmail.co.uk>

Prev by Date: Re: dpkg-1.1.1elf dumps core
Next by Date: ls question
Previous by thread: Re: svgalib (restorefont) permissions
Next by thread: Debian only packages.
Index(es):
- Date
- Thread