Re: Bug 26827 again (about secure-su)
warp@whitestar.soark.net writes:
> [1 <text/plain; us-ascii (quoted-printable)>]
> On Tue, Oct 20, 1998 at 07:44:42PM +0200, Michael Meskes wrote:
> > On Tue, Oct 20, 1998 at 08:45:44AM -0400, Michael Stone wrote:
> > > I could have gotten that much from the description line. :) What I was
> > > trying to get at is, "is that it?" Because if the only advantage secure-su
> > > has is that it restricts who can use it, how is installing gnu-su
> > > parallel to secure-su going to accomplish anything but nullifying
> > > secure-su's only advantage?
> >
> > You're right of course. Argh! Never really thought about it.
> >
> > So what do we do? I think we should move gnu-su out of fileutils into its
> > own package and make the two su packages conflict with each other.
>
> Which still means that secure-su can not be installed on a debian
> system, as findutils, which is 'Essential: yes' requires gnu-su...
>
> So, where does this leave us?
Could secure-su divert /bin/su from fileutils and then make the
diverted copy not suid root? (restoring the suid bit in the postrm,
of course) I'm not entirely certain that this would work, as I don't
know what diversions will do on upgrades, but...
Reply to: