Re: svgalib (restorefont) permissions
Richard Kettlewell writes ("Re: svgalib (restorefont) permissions"):
> Ian Jackson writes:
...
> >You are aware, I take it, that if a local admin replaces the setuid
> >bit it will still be cleared at the next reinstallation ?
>
> How about:
>
> The postinst asks whether they should be setuid (with a pointer to a
> document explaining the implications of doing this) and record it in a
> newly invented config file, say /etc/vga/setuid. If a postinst finds
> /etc/vga/setuid then it just follows what it finds there.
That sounds reasonable.
> When it's determined that the programs are secure they can be setuid
> everywhere, but for now I'd rather direct my efforts to making sure
> that the svgalib packages install well rather than auditing the code.
Quite.
Ian.
Reply to: