Re: In defense of Suidmanager

To: debian-devel@lists.debian.org
Subject: Re: In defense of Suidmanager
From: Guy Maor <maor@ece.utexas.edu>
Date: 27 Nov 1996 13:17:56 -0600
Message-id: <87682r9wkb.fsf@slip-87-8.ots.utexas.edu>
In-reply-to: Christoph Lameter's message of Wed, 27 Nov 1996 10:31:48 -0800 (PST)
References: <Pine.LNX.3.95.961127102606.2466A-100000@waterf.org>

Christoph Lameter <clameter@waterf.org> writes:

> I think dpkg is the wrong place to put the management of those bits
> because the suidbits should be under the control of the maintainer.

They are - the maintainer sets them.

> Some form of script interface is needed which the envisioned dpkg solution
> would not provide.

What actual advantage does this script interface have?  Besides being
a script?

> Another argument for /etc/suid.conf is the very desirable feature to have
> one file which lists ALL files that could be potential security risks.

/var/log/setuid.today

> The system administrator has it much easier if he can just edit a file to
> set up his local policy regarding these issues.

That's what Ian's proposal gives us.  The difference between his and
yours is:

1) package maintainers don't have to do anything differently.

2) The sysadmin only needs to list the files where he overrode the
defaults.

So it's less work for all parties.

Guy

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: In defense of Suidmanager
  - From: Christoph Lameter <clameter@waterf.org>
- Re: In defense of Suidmanager
  - From: Andy Guy <awpguy@acs.ucalgary.ca>

References:
- In defense of Suidmanager
  - From: Christoph Lameter <clameter@waterf.org>

Prev by Date: Re: Upcoming Debian Releases
Next by Date: Re: Bug#5657: base-files still leaves base on the system
Previous by thread: In defense of Suidmanager
Next by thread: Re: In defense of Suidmanager
Index(es):
- Date
- Thread