Re: debmake suid programs
> 1. In the past it was necessary to become superuser to build a package
> due to the nature of the dpkg tools. If this is wrong then please tell
> me how dpkg could work without superuser access. I have tried a number
> of ways to circumvent the issue with no success.
It does and (IMO) it should.
> 2. Thus every person needing to build a package needs to have full
> superuser access.
It doesn't require full access to build, but it makes no difference. Since
"debian/rules" is a makefile and can thus execute any command, it is the
same as having the root password.
> 3. The permanent need to type superuser password and to issue superuser
> commands is something that is really bothering me. I want the time
> that I spend at the superuser prompt to be as minimal as possible. I know
> I can make bad mistakes at that point.
"sudo" is better at this.
- It uses _your_ password
- It can be restricted to certain commands (e.g. no shells, etc.)
- It remembers your password for a little while so as long as you keep
using it, you will not be continuously prompted for it.
> 4. Since every person needing to build a package already MUST have full
> access to superuser privileges it is reasonable to put those users
> into a group (debmake uses root) and structure/simplify the access to
> avoid "accidents" by issuing commands that might have unintended
> consequences.
Being in group "root" should not mean full super-user access. Because a
makefile is being executed, this is no longer the case.
> 5. The wrappers are only accessible to those persons with group membership
> in root and they only execute commands necessary for building a package
> with due considerations of all the peculiarities of the dpkg tools
> minimizing the superuser environment created.
Those commands include "debian/rules" which can do anything.
> Could you submit some configuration files that can be installed in sudo to
> replace the "build", "debclean" and "debdpkg" wrappers?
This is, in my opinion, a bad idea. Supply command files that do nothing
but "sudo <command> $*", but don't install things into the sudo config files.
Doing such could make a large security hole. That is something for the
sysadmin to do and watch over.
Personally, I'd forget the whole thing. If a user is that paranoid about
logging in as root, then adding a line or two to the sudo config and creating
a 2-line script in their personal bin directory is nothing for them to do on
their own. Don't make potential security holes without significant added
benefit.
Brian
( bcwhite@verisim.com )
-------------------------------------------------------------------------------
Want to get it together? We can help! http://www.verisim.com/coordinator/
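
The point made in the reply above, that a wrapper limited to "debian/rules" still runs whatever that makefile contains, as an added example that is not part of the original message. The wrapper `restricted_build`, the sample package tree and the `executed-as` marker file are hypothetical and constructed here; no privilege is involved in the demo, so the recorded uid is the caller's, where under a suid wrapper or a sudo rule it would be root's.

```shell
#!/bin/sh
# Added illustration (constructed): a build wrapper that accepts only known
# debian/rules targets still executes every recipe line in the rules file.

# Hypothetical wrapper, standing in for a suid "build" helper or a sudo rule.
# It validates the target name, then hands control to the package's makefile.
restricted_build() {
    pkgdir=$1 target=$2
    case "$target" in
        build|binary|clean) ;;
        *) echo "target not allowed: $target" >&2; return 1 ;;
    esac
    ( cd "$pkgdir" && make -s -f debian/rules "$target" )
}

# Constructed package tree. The recipe under "binary" is harmless here (it
# records the effective uid), but it is chosen by whoever wrote the package,
# not by the wrapper, and the wrapper never inspects it.
make_sample_pkg() {
    pkgdir=$1
    mkdir -p "$pkgdir/debian"
    printf 'binary:\n\t@id -u > executed-as\n\t@echo "binary target done"\n' \
        > "$pkgdir/debian/rules"
}

# Prints the uid that the recipe line from debian/rules ran with.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_pkg "$tmp/pkg"
    restricted_build "$tmp/pkg" binary >/dev/null || { rm -rf "$tmp"; return 1; }
    cat "$tmp/pkg/executed-as"
    rm -rf "$tmp"
}

# Stand-alone run: show that the recipe inherited the wrapper's identity.
demo_uid=$(demo) && echo "recipe ran with uid $demo_uid (wrapper uid: $(id -u))"
```

The target allow-list rejects an unknown target name, yet it places no limit on what an allowed target does, which is why granting the wrapper is the same grant as the identity it runs under.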