Re: Suid Manager?

To: Christoph Lameter <clameter@waterf.org>
Cc: Chris Fearnley <cjf@netaxs.com>, jgoerzen@complete.org, debian-devel@lists.debian.org
Subject: Re: Suid Manager?
From: Buddha Buck <bmbuck@acsu.buffalo.edu>
Date: Thu, 21 Nov 1996 03:03:55 -0500
Message-id: <199611210803.DAA28784@not-a-real-site.acsu.buffalo.edu>
Reply-to: bmbuck@acsu.buffalo.edu
In-reply-to: Your message of "Wed, 20 Nov 1996 08:22:16 PST." <Pine.LNX.3.95.961120081723.17691A-100000@waterf.org>

> 
> I would like to have a suidmanager and every package that wants to install
> a suid binary needs to use a script provides by the suidmanager which can
> do site specific changes to the suid configuration. There should be a
> configuration file that lists all suid binaries (so the administrator can
> check up on them easily) and that would allow a administrator to simply
> edit that file to change settings. Those settings would then be kept
> across and update.
> 
> Then dpkg could simply not allow generating packages containing setuid
> bits.

I would recommend expanding this to a s/uid/gid manager, with similar 
semantics.

In another thread, we are discussing what to do about qmail wanting 7 
dedicated UIDs and a GID.  Ian Jackson wants to reserve UIDs 0-99 for 
static, Debian distributed critical users, and dynamically alocate UIDs 
in the range of 65000-65533 to packages that want multiple UIDs.

I like this solution, but it yields another problem.

I assume that qmail wants some files to be owned by these 7 users and 1 
group, and some of those to be SUID and SGID.  As I understand how dpkg 
works, the files are unpacked before the users would be created, so 
there is no guarantee that they will be installed with the right UIDs, 
especially if the accounts are dynamically allocated.

However, by having a script as part of dpkg (or base-passwd) that sets 
uids, gids, and modes of specified files based on a control file, a 
package could do something as simple as give the command "fixperms 
--package packagename" in its postinst script, and the fixperms script 
would do the right thing based on the control file, creating the new 
users and setting the proper ownership and modes.

I also think that it should be stated (and enforced, if possible) 
policy that packages cannot modify the modes or owners of files they do 
not own, nor can they set the UIDs and GIDs of files to users and 
groups that are not installed either by base-passwd or by that package 
itself.


> 
> --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
> PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 
> 
> --
> TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
> debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
> 

-- 
     Buddha Buck                      bmbuck@acsu.buffalo.edu
"Just as the strength of the Internet is chaos, so the strength of our
liberty depends upon the chaos and cacaphony of the unfettered speech
the First Amendment protects."  -- A.L.A. v. U.S. Dept. of Justice

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: Suid Manager?
  - From: Guy Maor <maor@ece.utexas.edu>
- Re: Suid Manager?
  - From: Lars Wirzenius <liw@iki.fi>
- Suid Manager Proposal
  - From: Christoph Lameter <clameter@waterf.org>

References:
- Suid Manager?
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Alpha, once again
Next by Date: Re: Passwd/Group changes proposal v2
Previous by thread: Suid Manager?
Next by thread: Re: Suid Manager?
Index(es):
- Date
- Thread