[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RH and GNOME

On 25 Jul 1998 02:12:03 -0500 , Rob Browning wrote: 

>"Petra, Kevin J Poorman" <ewigin@SoftHome.net> writes:
>
>> dpkg should be made to call alien on a rh package automaticly
>> ... ie: dpkg -i some_package.rpm would trigger alein, and then
>> dpkg... so that it's automatic, and easy for newbies, and non-power
>> users, to install rh packages.
>
>All other issues aside, I've said it before, and I'll say it again.  I
>think this is an extremely poor idea.  Who's going to take
>responsiblilty for *big* flame festival as soon as some user tries
>
>  dpkg -i sysvinit*.rpm
>
>because they heard there was a security fix that they needed that was
>already available in the RedHat package?

As others have already suggested, default to not letting the user replace 
an essential package.

An idea I had at this point is to add a new field to the package control 
data, saying what type of program it is and, from that, what security 
implications there are.

I'm thinking of a field that describes the package as one or more of:

bootup:  Required for a _very_ basic boot up (i.e. bash, sysvinit and libc6)

daemon:  A daemon that runs on a privileged port as root (e.g. apache, 
sshd, cfingerd)

lib:     A library (e.g. libjpeg)

sysutil: A "standard" UNIX utility or replacement for one (e.g. grep, mawk, 
gawk, gcc)

app:     An application or program that would not be run as root unless 
root chose to explicitly use it (e.g. joe, emacs, netscape, pine)

suid-app: Any package that would be described as app, but has setuid 
executables in it. (e.g. dosemu)

requires-setup: Any package whose postinst script does not run fully 
automatically (ignoring failure due to some error)

(Possibly:)

suid-lib: A library used by setuid programs (e.g. svgalib)

sgid-app: Any package that would be described as app, but has setgid 
executables in it. (e.g. maelstrom)

source:   A package that will build debian packages (e.g. pine-src, 
pine-diff, kernel-package)

The idea being that installing an app, sgid-app or lib would not require 
too much of a security consideration by sysadmins; if they didn't install 
it, a luser could achieve pretty much the same by installing it in their 
home directory or /tmp, but with more hassle.  Lintian could automatically 
check how valid an app or lib description is.

Sysadmins could supply a mechanism for (a subset of) their users to install 
app's or lib's which weren't tagged as suid, sgid or requires-setup 
automatically, with a notification going to the sysadmin.

It also makes the sysadmin think when they install new packages (there are 
quite a few packages which do not obviously contain setuid/setgid programs 
(e.g. screen, splitvt); I'd like to have something notify me that the 
package contained setuid programs/ programs that would be run as root (e.g. 
/etc/cron*.d/* and /etc/init.d/* scripts))

Maybe this is all a bit much, but I think the suid flag at least is quite 
useful...



 -- Christopher Reed, Selwyn College, Cambridge --
 E-Mail: cr212@cam.ac.uk  WWW: http://dura.sel.cam.ac.uk/ [~cr212/]
 r2 T1 cSEL dCS hEn/Chi A4 S+ C*$+++L/UdP W+++ y# a VTsj (Cantab) 1.0 
kill -9 $$
 -- Christopher Reed, Selwyn College, Cambridge --
 E-Mail: cr212@cam.ac.uk  WWW: http://dura.sel.cam.ac.uk/ [~cr212/]
 r2 T1 cSEL dCS hEn/Chi A4 S+ C*$+++L/UdP W+++ y# a VTsj (Cantab) 1.0 
Sie sind so subtil wie ein Kamel mit seinem Hump auf Feuer.



--  
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: