Re: More Debian v1.2 things...

To: debian-devel@lists.debian.org
Subject: Re: More Debian v1.2 things...
From: Kevin Dalley <kevin@aimnet.com>
Date: 23 Oct 1996 22:51:18 -0700
Message-id: <[🔎] 87wwwg29m0.fsf@aplysia.iway.aimnet.com>
In-reply-to: Craig Sanders's message of Wed, 23 Oct 1996 10:45:28 +1000 (EST)
References: <[🔎] Pine.LNX.3.95.961023102422.4463B-100000@siva.taz.net.au>

Craig Sanders <cas@taz.net.au> writes:

> Another point to think about is whether such a program should be setuid
> root or whether the admin should su to root before running it. It should
> be possible to make it safe if there is a, say, 'dpkg' group and your
> tk-dselect is owned by root:dpkg and mode 4754.
> 

It should not be setuid root.  This would be too big of a security
hole.  Any package could install a setuid root sh.


-- 
kevin
kevin@aimnet.com

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: More Debian v1.2 things...
  - From: lists@lina.inka.de (Bernd Eckenfels)
- Re: More Debian v1.2 things...
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: More Debian v1.2 things...
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Re: Upcoming Debian Releases
Next by Date: Re: dselect user interface
Previous by thread: Re: More Debian v1.2 things...
Next by thread: Re: More Debian v1.2 things...
Index(es):
- Date
- Thread