RE: Use of suidmanager

To: "'Andreas Jellinghaus'" <aj@dungeon.inka.de>, "'Michael Meskes'" <meskes@topsystem.de>
Cc: "'debian-devel@lists.debian.org'" <debian-devel@lists.debian.org>
Subject: RE: Use of suidmanager
From: Michael Meskes <meskes@topsystem.de>
Date: Tue, 24 Jun 1997 15:22:41 +0200
Message-id: <[🔎] c=DE%a=_%p=topsystem%l=EINSTEIN-970624132241Z-346@einstein.topsystem.de>

I think it is a good idea to ask all suid programs to be entered into
suid.conf (I cannot have enough security :-)). But only the ones that
are really installed suid. If I make a program suid that's not in
suid.conf I can add this one by hand to the config file. But all  the
files installed suid by default should be in /etc/suid.conf.
checksecurity (or another script) could them check for consistency.

Michael

--
Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

>-----Original Message-----
>From:	Andreas Jellinghaus [SMTP:aj@dungeon.inka.de]
>Sent:	Monday, June 23, 1997 11:26 PM
>To:	Michael Meskes
>Cc:	debian-devel@lists.debian.org
>Subject:	Re: Use of suidmanager
>
>On Jun 23, Michael Meskes wrote
>> Could anyone please tell me the advantages of suidmanager as it is right
>> now? 
>
>it's useless, because not all packages use it. 
>
>> I can see the usefullness of a tool like that, but I wonder if there
>> should be a daily test run to make sure no other file are suid. Or is
>> this dones elsewhere?
>
>if all packages were using it, we could check the checksecurity list
>against the suid.conf, and every admin could be sure, that only programs
>listed in suid.conf are suid.
>
>> Also why are there file in /etc/suid.conf that are not suid at all:
>> 
>> debmake /usr/bin/build root root 755
>> debmake /usr/bin/debpkg root root 755
>
>because these a potential suid programs. some people have them suid (ok,
>i prefer to use sudo to start these programs), so they are listed. i
>don't know, if this makes sence or not. do i have to add such lines to
>suid.conf for programs, that might be suid, but are not shipped as suid
>in my default isdn configuration ?
>
>> I'd like to know more about this (and other) security related packages.
>
>the other package i know is checksecurity, a script ...
>
>regards, andreas


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Prev by Date: Re: Editor wars considered harmful
Next by Date: RE: Use of suidmanager
Previous by thread: Re: Use of suidmanager
Next by thread: RE: Use of suidmanager
Index(es):
- Date
- Thread