Bug#4051: access permissions for /usr/bin/fdmount
Damn, it looks like my comment
Before anyone changes anything, please read the appropriate part of
the new policy manual.
went unheeded. I see that the change that Daniel Quinlan requested
has been made. It's a shame that I didn't get around to writing this
more detailed response to the situation sooner.
Daniel Quinlan writes ("Re: Bug#4051: access permissions for /usr/bin/fdmount"):
...
> Michael Meskes <meskes@informatik.rwth-aachen.de> writes:
> > I agree that the installation is not correct, but I doubt mode 4755
> > is a solution. I for one don't like the idea that everyone is able
> > to access my floppy drive. Since the Debian standard installation
> > for floppy devices is mode 660 with owner root and group floppy I
> > propose to use the same owner/group combination for fdmount.
> >
> > Any comments before I create a new version?
There is nothing wrong with having an executable mode 4754 setuid
root, owned by some particular group. This is the right way to solve
this problem.
> Use geteuid(2) and/or use a configuration file that says who has
> access. Using permissions alone to dictate who has access to
> *running* the binary is bad, IMHO, and I think the Debian package
> guidelines agree (unless they've been changed).
The guidelines were ambiguous on this subject. The new policy manual
is not. The relevant section, which I wrote before this came up BTW,
says that the access control should be done in the way that it was (I
presume) being done here before.
Compiling names of groups or even worse group ids into binaries is a
bad idea.
> Even worse, it's a
> `4750' binary in /bin -- so users are getting "permission denied"
> errors for something in their path.
There is nothing wrong with users getting a `permission denied'
message when they try to do something they are not permitted to,
surely ?
I'm going to reopen this bug report. Sorry, Michael Meskes (but you
should have heeded my warning).
Sigh,
Ian.
Reply to: