RE: Use of suidmanager
I think it is a good idea to ask all suid programs to be entered into
suid.conf (I cannot have enough security :-)). But only the ones that
are really installed suid. If I make a program suid that's not in
suid.conf I can add this one by hand to the config file. But all the
files installed suid by default should be in /etc/suid.conf.
checksecurity (or another script) could them check for consistency.
Michael
--
Dr. Michael Meskes, Projekt-Manager | topsystem Systemhaus GmbH
meskes@topsystem.de | Europark A2, Adenauerstr. 20
meskes@debian.org | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux! | Fax: (+49) 2405/4670-10
>-----Original Message-----
>From: Andreas Jellinghaus [SMTP:aj@dungeon.inka.de]
>Sent: Monday, June 23, 1997 11:26 PM
>To: Michael Meskes
>Cc: debian-devel@lists.debian.org
>Subject: Re: Use of suidmanager
>
>On Jun 23, Michael Meskes wrote
>> Could anyone please tell me the advantages of suidmanager as it is right
>> now?
>
>it's useless, because not all packages use it.
>
>> I can see the usefullness of a tool like that, but I wonder if there
>> should be a daily test run to make sure no other file are suid. Or is
>> this dones elsewhere?
>
>if all packages were using it, we could check the checksecurity list
>against the suid.conf, and every admin could be sure, that only programs
>listed in suid.conf are suid.
>
>> Also why are there file in /etc/suid.conf that are not suid at all:
>>
>> debmake /usr/bin/build root root 755
>> debmake /usr/bin/debpkg root root 755
>
>because these a potential suid programs. some people have them suid (ok,
>i prefer to use sudo to start these programs), so they are listed. i
>don't know, if this makes sence or not. do i have to add such lines to
>suid.conf for programs, that might be suid, but are not shipped as suid
>in my default isdn configuration ?
>
>> I'd like to know more about this (and other) security related packages.
>
>the other package i know is checksecurity, a script ...
>
>regards, andreas
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: