Re: svgalib (restorefont) permissions

To: Ian Jackson <ian@chiark.chu.cam.ac.uk>
Cc: Debian developers list <debian-devel@Pixar.com>
Subject: Re: svgalib (restorefont) permissions
From: Richard Kettlewell <richard@elmail.co.uk>
Date: Thu, 14 Mar 96 14:26:03 +0000 (GMT)
Message-id: <[🔎] cNi2NX4gnh@muskogee.elmail.co.uk>
In-reply-to: <[🔎] m0txDmv-0002ZHC@chiark.chu.cam.ac.uk>
References: <Pine.SUN.3.91.960313160917.23918A@logos.res.utc.com> <cNhRIp48L0@sfere.elmail.co.uk> <[🔎] m0txDmv-0002ZHC@chiark.chu.cam.ac.uk>

Ian Jackson writes:
>Richard Kettlewell writes on debian-user:

>>Note that later versions of the svgalib package discard both the
>>console group and the setuid bit on all of these programs, leaving
>>security and arrangements entirely to local administrators.
>
>You are aware, I take it, that if a local admin replaces the setuid
>bit it will still be cleared at the next reinstallation ?

How about:

The postinst asks whether they should be setuid (with a pointer to a
document explaining the implications of doing this) and record it in a
newly invented config file, say /etc/vga/setuid.  If a postinst finds
/etc/vga/setuid then it just follows what it finds there.

When it's determined that the programs are secure they can be setuid
everywhere, but for now I'd rather direct my efforts to making sure
that the svgalib packages install well rather than auditing the code.

ttfn/rjk

Reply to:

Follow-Ups:
- Re: svgalib (restorefont) permissions
  - From: Ian Jackson <ian@chiark.chu.cam.ac.uk>

References:
- Re: svgalib (restorefont) permissions
  - From: Ian Jackson <ian@chiark.chu.cam.ac.uk>

Prev by Date: Uploads
Next by Date: Re: svgalib (restorefont) permissions
Previous by thread: Re: svgalib (restorefont) permissions
Next by thread: Re: svgalib (restorefont) permissions
Index(es):
- Date
- Thread