Re: More Debian v1.2 things...

To: debian-devel@lists.debian.org
Subject: Re: More Debian v1.2 things...
From: Kevin Dalley <kevin@aimnet.com>
Date: 24 Oct 1996 08:36:28 -0700
Message-id: <[🔎] 87d8y874sj.fsf@aplysia.iway.aimnet.com>
In-reply-to: lists@lina.inka.de's message of Thu, 24 Oct 1996 13:31:10 +0200 (MET DST)
References: <[🔎] m0vGO0F-0004ijC@lina>

Yes, dpkg can only be run as root.  Generally, it is necessary to use
the root password in order to run dpkg.  Running dpkg is limited to
people who have the root password.  Craig Saunders suggested having a
setuid root program for novices.  Unfortunately, having a setuid
program means that anyone can install any program, included a setuid
shell.  Having a root password is no longer necessary to do this.
Thus the additional security risk.

lists@lina.inka.de (Bernd Eckenfels) writes:

> 
> > It should not be setuid root.  This would be too big of a security
> > hole.  Any package could install a setuid root sh.
> 
> Any Package can install suid root shells already, since dpkg can only be run
> be root, anyway.
> 
> 

-- 
kevin
kevin@aimnet.com

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: More Debian v1.2 things...
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: More Debian v1.2 things...
  - From: lists@lina.inka.de (Bernd Eckenfels)

Prev by Date: Re: Upcoming Debian Releases
Next by Date: Re: Stable and unstable
Previous by thread: Re: More Debian v1.2 things...
Next by thread: Re: More Debian v1.2 things...
Index(es):
- Date
- Thread