[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Suid Manager?



On Wed, 20 Nov 1996, Chris Fearnley wrote:

cjf >I think the sendmail postinst could ask:  "SUID root sendmail is very
cjf >risky security-wise.  The Debian default is to NOT install sendmail
cjf >SUID root.  However, if your site needs one of the obscure sendmail
cjf >features that require the SUID bit say Y here.  Add SUID bit to
cjf >sendmail binary [N/y]? "  Would this satisy your conscerns while
cjf >satisfying the security conscerns of the rest of us?

That is a good idea but does not solve the issue of upgrades. I hate being
asked a question while E-mail is down for our site.

cjf >I think virtually all suid programs in Debian should by default NOT
cjf >install suid.  The postinst can add suid bits as a configuration
cjf >option.  Of course, /bin/{passwd,chfn} and etc. must be installed suid
cjf >root.  But any application that works without suid bits (such as
cjf >sendmail) should be installed without the suid bits and those bits
cjf >could be added by either the postinst or the sysadmin.

Yes. Definitely a good idea. 

I would like to have a suidmanager and every package that wants to install
a suid binary needs to use a script provides by the suidmanager which can
do site specific changes to the suid configuration. There should be a
configuration file that lists all suid binaries (so the administrator can
check up on them easily) and that would allow a administrator to simply
edit that file to change settings. Those settings would then be kept
across and update.

Then dpkg could simply not allow generating packages containing setuid
bits.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com


Reply to: