Re: In defense of Suidmanager
Christoph Lameter <clameter@waterf.org> writes:
> I think dpkg is the wrong place to put the management of those bits
> because the suidbits should be under the control of the maintainer.
They are - the maintainer sets them.
> Some form of script interface is needed which the envisioned dpkg solution
> would not provide.
What actual advantage does this script interface have? Besides being
a script?
> Another argument for /etc/suid.conf is the very desirable feature to have
> one file which lists ALL files that could be potential security risks.
/var/log/setuid.today
> The system administrator has it much easier if he can just edit a file to
> set up his local policy regarding these issues.
That's what Ian's proposal gives us. The difference between his and
yours is:
1) package maintainers don't have to do anything differently.
2) The sysadmin only needs to list the files where he overrode the
defaults.
So it's less work for all parties.
Guy
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: