[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug 26827 again (about secure-su)



warp@whitestar.soark.net writes:

> [1  <text/plain; us-ascii (quoted-printable)>]
> On Tue, Oct 20, 1998 at 07:44:42PM +0200, Michael Meskes wrote:
> > On Tue, Oct 20, 1998 at 08:45:44AM -0400, Michael Stone wrote:
> > > I could have gotten that much from the description line. :) What I was
> > > trying to get at is, "is that it?" Because if the only advantage secure-su
> > > has is that it restricts who can use it, how is installing gnu-su
> > > parallel to secure-su going to accomplish anything but nullifying
> > > secure-su's only advantage?
> > 
> > You're right of course. Argh! Never really thought about it.
> > 
> > So what do we do? I think we should move gnu-su out of fileutils into its
> > own package and make the two su packages conflict with each other.
> 
> Which still means that secure-su can not be installed on a debian
> system, as findutils, which is 'Essential: yes' requires gnu-su...
> 
> So, where does this leave us?

Could secure-su divert /bin/su from fileutils and then make the
diverted copy not suid root?  (restoring the suid bit in the postrm,
of course)  I'm not entirely certain that this would work, as I don't
know what diversions will do on upgrades, but...


Reply to: