
Re: debmake 1.14 uploaded



On Wed, 6 Nov 1996, Ian Jackson wrote:

ian >Christoph Lameter <clameter@waterf.org> writes:
ian >>    * New: "build" a suid wrapper for dpkg-buildpackage and "debian/rules binary"
ian >>    * New: "debpkg" a suid wrapper for dpkg.
ian >> ...
ian >>    * Suid wrappers accessible for users of group "root" only.
ian >>    * Complete development cycle possible from a regular account without
ian >>      having to "su".
ian >
ian >*WHAT* ?!!!!?!!!
ian >
ian >You've made a global decision for everyone who installs debmake that
ian >anyone in group root is to be trusted with root access, and you don't
ian >really tell either ?

No one is usually in group root. And the wrappers are naturally such big
security holes that using those wrappers is almost equal to superuser
access anyways. So I thought membership of group root would be
an appropriate requirement. If you have any better suggestions then tell
me.

ian >There is _no reason_ for debmake (or indeed dpkg) to include any
ian >suid-root tools.  If people want this kind of facility it should be
ian >provided by special-purpose programs like super, sudo, really or su.

There is special environment handling going on and all those tools expect
the REAL userid to be changed and not the effective UID. Otherwise your
tools won't work.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 
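
The checks discussed in this message (group restriction, environment handling, real versus effective UID), sketched as an added example; this is not debmake's code and not part of the original mail. The target path, the environment allowlist and the function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumed target; the mail names dpkg-buildpackage but not its path. */
#define TARGET "/usr/bin/dpkg-buildpackage"

/* True if `want` is the caller's primary or a supplementary group. */
int in_group(gid_t want, gid_t primary, const gid_t *supp, int n) {
    if (primary == want) return 1;
    for (int i = 0; i < n; i++)
        if (supp[i] == want) return 1;
    return 0;
}

/* Allowlist (assumed): only these variables survive into the root process. */
int env_allowed(const char *entry) {
    static const char *keep[] = { "TERM=", "LANG=", "TZ=" };
    for (size_t i = 0; i < sizeof keep / sizeof keep[0]; i++)
        if (strncmp(entry, keep[i], strlen(keep[i])) == 0) return 1;
    return 0;
}

/* Build a NULL-terminated environment in `out` (cap >= 2); returns count. */
int filter_env(char *const in[], char *out[], int cap) {
    int n = 0;
    out[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin"; /* fixed, never inherited */
    for (int i = 0; in[i] != NULL && n < cap - 1; i++)
        if (env_allowed(in[i])) out[n++] = in[i];
    out[n] = NULL;
    return n;
}

int main(int argc, char *argv[], char *envp[]) {
    gid_t supp[64];
    char *clean[16];
    int n = getgroups(64, supp);      /* fails closed if more than 64 groups */
    (void)argc;
    if (n < 0 || !in_group(0, getgid(), supp, n)) {
        fprintf(stderr, "caller is not in group root\n");
        return 1;
    }
    filter_env(envp, clean, 16);
    /* A suid-root binary starts with euid 0 but the caller's real UID.
       With euid 0, setgid/setuid set real, effective and saved IDs together. */
    if (setgid(0) != 0 || setuid(0) != 0 || getuid() != 0) return 1;
    execve(TARGET, argv, clean);
    perror("execve");
    return 1;
}
```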
