RE: Use of suidmanager
I think it is a good idea to ask all suid programs to be entered into
suid.conf (I cannot have enough security :-)). But only the ones that
are really installed suid. If I make a program suid that's not in
suid.conf I can add this one by hand to the config file. But all the
files installed suid by default should be in /etc/suid.conf.
checksecurity (or another script) could them check for consistency.
Dr. Michael Meskes, Projekt-Manager | topsystem Systemhaus GmbH
email@example.com | Europark A2, Adenauerstr. 20
firstname.lastname@example.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
>From: Andreas Jellinghaus [SMTP:email@example.com]
>Sent: Monday, June 23, 1997 11:26 PM
>To: Michael Meskes
>Subject: Re: Use of suidmanager
>On Jun 23, Michael Meskes wrote
>> Could anyone please tell me the advantages of suidmanager as it is right
>it's useless, because not all packages use it.
>> I can see the usefullness of a tool like that, but I wonder if there
>> should be a daily test run to make sure no other file are suid. Or is
>> this dones elsewhere?
>if all packages were using it, we could check the checksecurity list
>against the suid.conf, and every admin could be sure, that only programs
>listed in suid.conf are suid.
>> Also why are there file in /etc/suid.conf that are not suid at all:
>> debmake /usr/bin/build root root 755
>> debmake /usr/bin/debpkg root root 755
>because these a potential suid programs. some people have them suid (ok,
>i prefer to use sudo to start these programs), so they are listed. i
>don't know, if this makes sence or not. do i have to add such lines to
>suid.conf for programs, that might be suid, but are not shipped as suid
>in my default isdn configuration ?
>> I'd like to know more about this (and other) security related packages.
>the other package i know is checksecurity, a script ...
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to firstname.lastname@example.org .