Re: Bug#4051: access permissions for /usr/bin/fdmount
Ian Jackson writes:
> Obviously if you've done it right having the binary check itself
> whether rgid or getgroups includes `floppy' and having it only
> executable by group floppy have the same security effect.
Yes, it checks getgroups.
> However, there are other differences: having the permissions on the
> binary do the enforcement means that a programming error of any kind
> in the binary is at most an exposure to group floppy (which may well
> be only the sysadmin anyway). It also makes it much more obvious to
> people how to get access.
I have no problem with it being mode 4750 again.
> We should either change fdmount to match the policy and the other
> similar programs (dip, for example), or we should change the policy
> and the other programs to match fdmount.
>
> I think that using the file permissions is technically superior, so I
> think we should stick with it.
No problem with me. But just in case I let the group check in (since it's in
the upstream source anyway).
I'm preparing a new version.
Michael
--
Michael Meskes | _____ ________ __ ____
meskes@informatik.rwth-aachen.de | / ___// ____/ // / / __ \___ __________
meskes@sanet.de | \__ \/ /_ / // /_/ /_/ / _ \/ ___/ ___/
meskes@debian.org | ___/ / __/ /__ __/\__, / __/ / (__ )
Use Debian Linux! | /____/_/ /_/ /____/\___/_/ /____/
Reply to: