Re: In defense of Suidmanager
Guy Maor <maor@ece.utexas.edu> writes:
> Christoph Lameter <clameter@waterf.org> writes:
>
> > I think dpkg is the wrong place to put the management of those bits
> > because the suidbits should be under the control of the maintainer.
>
> They are - the maintainer sets them.
>
> > Some form of script interface is needed which the envisioned dpkg solution
> > would not provide.
>
> What actual advantage does this script interface have? Besides being
> a script?
>
> > Another argument for /etc/suid.conf is the very desirable feature to have
> > one file which lists ALL files that could be potential security risks.
>
> /var/log/setuid.today
>
> > The system administrator has it much easier if he can just edit a file to
> > set up his local policy regarding these issues.
>
> That's what Ian's proposal gives us. The difference between his and
> yours is:
>
> 1) package maintainers don't have to do anything differently.
>
> 2) The sysadmin only needs to list the files where he overrode the
> defaults.
>
3) Will also work for other permission changes, if I read the proposal
correctly.
Andy.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com
Reply to: