
Re: installation of suid binaries by dpkg &c.



'Ian Jackson wrote:'
>
>I think that the mechanisms that have been proposed are interesting,
>and do meet a real need.
>
>However, I think they're way too complicated.
>
>I propose the following arrangement instead: that there be a
>configuration file for dpkg which can override installed packages'
>idea of what ownerships and permissions files should have.
>
>When you chown a binary you just add the name of the file to this
>configuration file, and the next time dpkg updates the binary it will
>copy the old permissions rather than using the ones from the package.
>
>The configuration file doesn't need to contain the actual permissions
>and ownerships desired for the files it lists.

I do admire simplicity!  I think your proposal would satisfy the
design criteria that dpkg not override local security configuration.
But it doesn't address the goal of having a sanity check.  However, I
think the latter functionality would be even better performed by
cfengine or tripwire.  Hence I think your division of the problem is
correct.

Since this approach would require dpkg to store the results of a stat()
on each file /before/ it installs the file (how else to know their
permissions and ownership after the file has been replaced??), we could
add run-time support for dpkg to not overwrite any file that already
exists on the system (except in case it is from the old package being
replaced).

Hmm, thinking about that stat() call makes me worry about performance.
Maybe this would slow dpkg down too much?

-- 
Christopher J. Fearnley            |    Linux/Internet Consulting
cjf@netaxs.com, cjf@onit.net       |    UNIX SIG Leader at PACS
http://www.netaxs.com/~cjf         |    (Philadelphia Area Computer Society)
ftp://ftp.netaxs.com/people/cjf    |    Design Science Revolutionary
"Dare to be Naive" -- Bucky Fuller |    Explorer in Universe
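
The arrangement discussed in this message, sketched as an added example (not dpkg code and not part of the original post): a file listed in the override file is stat()ed before it is replaced, and its old owner and mode are applied to the new copy before that copy is renamed into place. The override file format, the file names and the `.example-new` suffix are assumptions made for the illustration.

```python
import os, shutil, stat, tempfile

def load_overrides(path):
    """Paths listed one per line; blank lines and # comments are ignored."""
    with open(path) as fh:
        return {ln.strip() for ln in fh if ln.strip() and not ln.lstrip().startswith("#")}

def install_file(src, dest, overrides):
    """Install src over dest, keeping dest's old owner and mode if it is listed."""
    old = None
    if dest in overrides:               # stat() only the listed files
        try:
            old = os.lstat(dest)        # taken *before* the file is replaced
        except FileNotFoundError:
            pass                        # first install: nothing to preserve
    tmp = dest + ".example-new"         # hypothetical temp suffix
    shutil.copyfile(src, tmp)           # contents only, default mode
    if old is not None and stat.S_ISREG(old.st_mode):
        os.chown(tmp, old.st_uid, old.st_gid)   # chown first: it can clear setuid/setgid
        os.chmod(tmp, stat.S_IMODE(old.st_mode))
    else:
        shutil.copymode(src, tmp)       # unlisted: the package's mode wins
    os.replace(tmp, dest)               # atomic rename: package mode never appears on dest
    return stat.S_IMODE(os.lstat(dest).st_mode)

def demo():
    """Constructed scenario: two packaged setuid files, one locally de-privileged."""
    with tempfile.TemporaryDirectory() as root:
        pkg = os.path.join(root, "pkg-tool")
        with open(pkg, "w") as fh:
            fh.write("new version\n")
        os.chmod(pkg, 0o4755)           # mode shipped in the package
        listed, unlisted = os.path.join(root, "listed"), os.path.join(root, "unlisted")
        for path in (listed, unlisted):
            with open(path, "w") as fh:
                fh.write("old version\n")
            os.chmod(path, 0o750)       # admin removed setuid and world access
        conf = os.path.join(root, "overrides.conf")
        with open(conf, "w") as fh:
            fh.write("# files whose local permissions must survive upgrades\n" + listed + "\n")
        overrides = load_overrides(conf)
        modes = install_file(pkg, listed, overrides), install_file(pkg, unlisted, overrides)
        with open(listed) as fh:
            return modes, fh.read()

if __name__ == "__main__":
    print(demo())
```

Because the saved mode is applied to the temporary copy before the rename, the listed path never carries the package's setuid mode, even briefly.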

