[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: Use of suidmanager

I think it is a good idea to ask all suid programs to be entered into
suid.conf (I cannot have enough security :-)). But only the ones that
are really installed suid. If I make a program suid that's not in
suid.conf I can add this one by hand to the config file. But all  the
files installed suid by default should be in /etc/suid.conf.
checksecurity (or another script) could them check for consistency.


Dr. Michael Meskes, Projekt-Manager    | topsystem Systemhaus GmbH
meskes@topsystem.de                    | Europark A2, Adenauerstr. 20
meskes@debian.org                      | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!             | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!                  | Fax: (+49) 2405/4670-10

>-----Original Message-----
>From:	Andreas Jellinghaus [SMTP:aj@dungeon.inka.de]
>Sent:	Monday, June 23, 1997 11:26 PM
>To:	Michael Meskes
>Cc:	debian-devel@lists.debian.org
>Subject:	Re: Use of suidmanager
>On Jun 23, Michael Meskes wrote
>> Could anyone please tell me the advantages of suidmanager as it is right
>> now? 
>it's useless, because not all packages use it. 
>> I can see the usefullness of a tool like that, but I wonder if there
>> should be a daily test run to make sure no other file are suid. Or is
>> this dones elsewhere?
>if all packages were using it, we could check the checksecurity list
>against the suid.conf, and every admin could be sure, that only programs
>listed in suid.conf are suid.
>> Also why are there file in /etc/suid.conf that are not suid at all:
>> debmake /usr/bin/build root root 755
>> debmake /usr/bin/debpkg root root 755
>because these a potential suid programs. some people have them suid (ok,
>i prefer to use sudo to start these programs), so they are listed. i
>don't know, if this makes sence or not. do i have to add such lines to
>suid.conf for programs, that might be suid, but are not shipped as suid
>in my default isdn configuration ?
>> I'd like to know more about this (and other) security related packages.
>the other package i know is checksecurity, a script ...
>regards, andreas

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: