Re: More Debian v1.2 things...

To: Craig Sanders <cas@taz.net.au>
Cc: Kenneth MacDonald <kenny@ed.ac.uk>, debian-devel@lists.debian.org
Subject: Re: More Debian v1.2 things...
From: Steve Dunham <dunham@cl-next4.cl.msu.edu>
Date: 26 Oct 1996 20:02:14 -0500
Message-id: <[🔎] m2k9sd6wyx.fsf@dunham.tcimet.net>
In-reply-to: Craig Sanders's message of Sun, 27 Oct 1996 00:25:37 +1000 (EST)
References: <[🔎] Pine.LNX.3.95.961027001807.16712A-100000@siva.taz.net.au>

Craig Sanders <cas@taz.net.au> writes:

> On Fri, 25 Oct 1996, Kenneth MacDonald wrote:

> > If you want dpkg to be suid root, and only executed by members of
> > group dpkg, then ordinary users cannot query the dpkg databases (dpkg
> > -l).  I feel this is a quite important feature - minimal privillages
> > for jobs that don't need operator status.

> cant anybody understand plain english????

> for the last time:

>     I DID NOT SAY I WANTED _DPKG_ TO BE SETUID ROOT OR EXECUTABLE
>     ONLY BY MEMBERS OF GROUP DPKG.

> Read the thread.

> I was talking about a hypothetical program which provided a tk-based
> interface for dpkg/dselect. And even for that hypothetical program, I
> didn't say I wanted it setuid root, I was pointing out that *IF* it was
> suid root then having it executable only by members of a special group
> would help to minimise any potential security risks.

Doesn't the "sudo" program address this problem. (Allowing a group of
users to execute certain commands as root.)

Steve
dunham@gdl.msu.edu

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- Re: More Debian v1.2 things...
  - From: Craig Sanders <cas@taz.net.au>

Prev by Date: Bug#4982: Incorrect filenames in diald setup
Next by Date: Bug#4983: mailcrypt doesn't sign+encrypt
Previous by thread: Re: More Debian v1.2 things...
Next by thread: Re: Debmake updated and ideas regarding dpkg
Index(es):
- Date
- Thread