Re: More Debian v1.2 things...
On Fri, 25 Oct 1996, Kenneth MacDonald wrote:
> If you want dpkg to be suid root, and only executed by members of
> group dpkg, then ordinary users cannot query the dpkg databases (dpkg
> -l). I feel this is a quite important feature - minimal privileges
> for jobs that don't need operator status.
can't anybody understand plain English????
for the last time:
I DID NOT SAY I WANTED _DPKG_ TO BE SETUID ROOT OR EXECUTABLE
ONLY BY MEMBERS OF GROUP DPKG.
Read the thread.
I was talking about a hypothetical program which provided a tk-based
interface for dpkg/dselect. And even for that hypothetical program, I
didn't say I wanted it setuid root, I was pointing out that *IF* it was
suid root then having it executable only by members of a special group
would help to minimise any potential security risks.
> If you're installing/removing packages then only root should be able
> to do so, since otherwise, root access can be gained easily by
> installing a compromised package.
yes. of course.
Craig