
Re: The unanswered Question



On Fri, 22 Nov 1996, Ian Jackson wrote:

ian >> Then change the policy. Both packages give instructions on how to change
ian >> the permission of binaries in order to gain functionality and thus violate
ian >> the policy.
ian >
ian >I feel we have a serious miscommunication here.  What policy are you
ian >asking me to change ?  Our policy on whether something should be
ian >setuid ?  We don't have one at the moment, but at this rate we will
ian >have soon.  At the moment we're just expecting maintainers to use
ian >common sense and caution.

Section 3.3 of the Policy Manual states:

 Do not arrange that the system administrator can only reconfigure the
 package to correspond to their local security policy by changing the
 permissions on a binary. Ordinary files installed by dpkg (as opposed to
 conffiles and other similar objects) have their permissions reset to the
 distributed permissions when the package is reinstalled.  Instead you
 should consider (for example) creating a group for people allowed to use
 the program(s) and making any setuid executables executable only by that
 group. 

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 
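
An audit check for the arrangement Section 3.3 recommends, added here as an example; it is not part of the original message or of Debian's tooling. It flags setuid files that anyone may execute and treats setuid files limited to owner and group as conforming. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Classify one file against the Section 3.3 pattern.
# Prints: not-setuid | group-restricted | world-executable
classify_setuid() {
    f=$1
    # -perm -4000 matches when the setuid bit is set
    if [ -z "$(find "$f" -prune -type f -perm -4000 2>/dev/null)" ]; then
        echo not-setuid
        return 0
    fi
    # -perm -0001 matches when "other" has execute permission
    if [ -n "$(find "$f" -prune -perm -0001)" ]; then
        echo world-executable
    else
        echo group-restricted
    fi
}

# List every setuid file under a directory that any user may execute,
# i.e. the files that are not gated by a group.
audit_dir() {
    find "$1" -type f -perm -4000 -perm -0001 | sort
}

# Constructed sample files; the modes are chosen to show each outcome.
demo() {
    d=$(mktemp -d)
    : > "$d/open";  chmod 4755 "$d/open"   # setuid, anyone may run it
    : > "$d/gated"; chmod 4750 "$d/gated"  # setuid, owner and group only
    : > "$d/plain"; chmod 0755 "$d/plain"  # no setuid bit
    for f in open gated plain; do
        printf '%s: %s\n' "$f" "$(classify_setuid "$d/$f")"
    done
    echo "flagged by audit_dir:"
    audit_dir "$d"
    rm -rf "$d"
}
demo
```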

