Re: debmake suid programs

To: Christoph Lameter <clameter@waterf.org>
Cc: Debian Developers <debian-devel@lists.debian.org>
Subject: Re: debmake suid programs
From: "Brian C. White" <bcwhite@verisim.com>
Date: Thu, 07 Nov 1996 12:29:09 -0500
Message-id: <32821C65.1B63937A@verisim.com>
References: <Pine.LNX.3.95.961107064046.3406B-100000@waterf.org>

> 1. In the past it was necessary to become superuser to build a package
>    due to the nature of the dpkg tools. If this is wrong then please tell
>    me how dpkg could work without superuser access. I have tried a number
>    of ways to circumvent the issue with no success.

It does and (IMO) it should.


> 2. Thus every person needing to build a package needs to have full
>    superuser access.

It doesn't require full access to build, but it makes no difference.  Since
"debian/rules" is a makefile and can thus execute any command, it is the
same as having the root password.


> 3. The permanent need to type superuser password and to issue superuser
>    commands is something that is really bothering me. I want the time
>    that I spend at the superuser prompt be as minimal as possible. I know
>    I can make bad mistakes at that point.

"sudo" is better at this.
 - It uses _your_ password
 - It can be restricted to certain commands (e.g. no shells, etc.)
 - It remembers your password for a little while so as long as you keep
   using it, you will not be continuously prompted for it.


> 4. Since every person needing to build a package already MUST have full
>    access to superuser priviledges it is reasonable to put those users
>    into a group (debmake uses root) and structure/simplyfy the access to
>    avoid "accidents" by issuing commands that might have unintended
>    consequences.

Being in group "root" should not mean full super-user access.  Because a
makefile is being exectued, this is no longer the case.


> 5. The wrappers are only accessible to those persons with group membership
>    in root and they only execute commands necessary for building a package
>    with due considerations of all the percularities of the dpkg tools
>    minimizing the superuser environment created.

Those commands include "debian/rules" which can do anything.


> Could you submit some configuration files that can be installed in sudo to
> replace the "build", "debclean" and "debdpkg" wrappers?

This is, in my opinion, a bad idea.  Supply command files that do nothing
but "sudo <command> $*", but don't install things into the sudo config files.
Doing such could make a large security hole.  That is something for the
sysadmin to do and watch over.

Personally, I'd forget the whole thing.  If a user is that paranoid about
logging in as root, then adding a line or two to the sudo config and creating
a 2-line script in their personal bin directory is nothing for them to do on
their own.  Don't make potential security holes without significant added
benefit.
                                             
                                          Brian
                                 ( bcwhite@verisim.com )
                                             
-------------------------------------------------------------------------------
  Want to get it together?  We can help!  http://www.verisim.com/coordinator/

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

References:
- debmake suid programs
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Packages needing maintenance:
Next by Date: Bug#5312: ae escapes 8-bit chars by default
Previous by thread: Re: debmake suid programs
Next by thread: Re: debmake suid programs
Index(es):
- Date
- Thread