Re: More Debian v1.2 things...

To: Kevin Dalley <kevin@aimnet.com>
Cc: debian-devel@lists.debian.org
Subject: Re: More Debian v1.2 things...
From: Craig Sanders <cas@taz.net.au>
Date: Fri, 25 Oct 1996 14:44:48 +1000 (EST)
Message-id: <[🔎] Pine.LNX.3.95.961025144401.529K-100000@siva.taz.net.au>
In-reply-to: <[🔎] 87wwwg29m0.fsf@aplysia.iway.aimnet.com>

On 23 Oct 1996, Kevin Dalley wrote:

> Craig Sanders <cas@taz.net.au> writes:
> 
> > Another point to think about is whether such a program should be setuid
> > root or whether the admin should su to root before running it. It should
> > be possible to make it safe if there is a, say, 'dpkg' group and your
> > tk-dselect is owned by root:dpkg and mode 4754.
> > 
> 
> It should not be setuid root.  This would be too big of a security
> hole.  Any package could install a setuid root sh.

any package can do that now, anyway.

dpkg -i only works if it's run as root.

Craig

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: More Debian v1.2 things...
  - From: Kevin Dalley <kevin@aimnet.com>

Prev by Date: Re: More Debian v1.2 things...
Next by Date: First pass at GnuStep under Debian [pthreads]
Previous by thread: Re: 'dpkg' and setuid
Next by thread: Re: More Debian v1.2 things...
Index(es):
- Date
- Thread