Suid Manager?
On Wed, 20 Nov 1996, Chris Fearnley wrote:
cjf >I think the sendmail postinst could ask: "SUID root sendmail is very
cjf >risky security-wise. The Debian default is to NOT install sendmail
cjf >SUID root. However, if your site needs one of the obscure sendmail
cjf >features that require the SUID bit say Y here. Add SUID bit to
cjf >sendmail binary [N/y]? " Would this satisy your conscerns while
cjf >satisfying the security conscerns of the rest of us?
That is a good idea but does not solve the issue of upgrades. I hate being
asked a question while E-mail is down for our site.
cjf >I think virtually all suid programs in Debian should by default NOT
cjf >install suid. The postinst can add suid bits as a configuration
cjf >option. Of course, /bin/{passwd,chfn} and etc. must be installed suid
cjf >root. But any application that works without suid bits (such as
cjf >sendmail) should be installed without the suid bits and those bits
cjf >could be added by either the postinst or the sysadmin.
Yes. Definitely a good idea.
I would like to have a suidmanager and every package that wants to install
a suid binary needs to use a script provides by the suidmanager which can
do site specific changes to the suid configuration. There should be a
configuration file that lists all suid binaries (so the administrator can
check up on them easily) and that would allow a administrator to simply
edit that file to change settings. Those settings would then be kept
across and update.
Then dpkg could simply not allow generating packages containing setuid
bits.
--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key = FB 9B 31 21 04 1E 3A 33 C7 62 2F C0 CD 81 CA B5
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: