
Re: debmake suid programs

> 1. In the past it was necessary to become superuser to build a package
>    due to the nature of the dpkg tools. If this is wrong then please tell
>    me how dpkg could work without superuser access. I have tried a number
>    of ways to circumvent the issue with no success.

It does and (IMO) it should.

> 2. Thus every person needing to build a package needs to have full
>    superuser access.

It doesn't require full access to build, but it makes no difference.  Since
"debian/rules" is a makefile and can thus execute any command, it is the
same as having the root password.

> 3. The permanent need to type superuser password and to issue superuser
>    commands is something that is really bothering me. I want the time
>    that I spend at the superuser prompt be as minimal as possible. I know
>    I can make bad mistakes at that point.

"sudo" is better at this.
 - It uses _your_ password
 - It can be restricted to certain commands (e.g. no shells, etc.)
 - It remembers your password for a little while so as long as you keep
   using it, you will not be continuously prompted for it.

> 4. Since every person needing to build a package already MUST have full
>    access to superuser privileges it is reasonable to put those users
>    into a group (debmake uses root) and structure/simplify the access to
>    avoid "accidents" by issuing commands that might have unintended
>    consequences.

Being in group "root" should not mean full super-user access.  Because a
makefile is being executed, this is no longer the case.

> 5. The wrappers are only accessible to those persons with group membership
>    in root and they only execute commands necessary for building a package
>    with due considerations of all the peculiarities of the dpkg tools
>    minimizing the superuser environment created.

Those commands include "debian/rules" which can do anything.

> Could you submit some configuration files that can be installed in sudo to
> replace the "build", "debclean" and "debdpkg" wrappers?

This is, in my opinion, a bad idea.  Supply command files that do nothing
but "sudo <command> $*", but don't install things into the sudo config files.
Doing such could make a large security hole.  That is something for the
sysadmin to do and watch over.

Personally, I'd forget the whole thing.  If a user is that paranoid about
logging in as root, then adding a line or two to the sudo config and creating
a 2-line script in their personal bin directory is nothing for them to do on
their own.  Don't make potential security holes without significant added
                                 ( bcwhite@verisim.com )
  Want to get it together?  We can help!  http://www.verisim.com/coordinator/
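
The point made in the reply above, that a sudo rule limited to certain commands still amounts to root when one of those commands is a shell or a makefile such as "debian/rules", shown as an added example that is not part of the original message: a heuristic check over sudoers-style rules. The sample rules, user names and paths are constructed, and the function name `audit_rules` is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic only: it flags
# sudoers user rules whose command can run arbitrary commands as root.

# Constructed sample rules (user names and paths are hypothetical).
SAMPLE_RULES='# constructed sample, not a real sudoers file
alice ALL = (root) /sbin/shutdown
bob   ALL = (root) NOPASSWD: /usr/bin/make, /sbin/shutdown
carol ALL = (root) /home/carol/pkg/debian/rules
dave  ALL = (root) /bin/sh
erin  ALL = (ALL) ALL'

# audit_rules: read sudoers-style user rules on stdin and print one
# "user<TAB>command<TAB>reason" line per root-equivalent command.
audit_rules() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }  # aliases are not expanded
    {
        user = $1
        eq = index($0, "=")
        if (eq == 0) next                    # not a user rule
        spec = substr($0, eq + 1)
        gsub(/\([^)]*\)/, "", spec)          # drop (runas) lists
        gsub(/[A-Z_]+:/, "", spec)           # drop tags such as NOPASSWD:
        n = split(spec, cmds, ",")
        for (i = 1; i <= n; i++) {
            cmd = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd) # trim surrounding whitespace
            split(cmd, words, /[ \t]+/)
            path = words[1]                  # command path without arguments
            reason = ""
            if (path == "ALL") reason = "any command"
            else if (path ~ /\/(sh|bash|dash|ksh|zsh|csh|tcsh)$/) reason = "shell"
            else if (path ~ /\/(make|gmake)$/) reason = "runs makefile recipes"
            else if (path ~ /\/debian\/rules$/) reason = "debian/rules is a makefile"
            if (reason != "") printf "%s\t%s\t%s\n", user, path, reason
        }
    }'
}

printf '%s\n' "$SAMPLE_RULES" | audit_rules
```

A rule that is not flagged has only failed to match these patterns; it still needs review by the sysadmin who owns the sudo configuration.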
