[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sendmail issues (was: Re: cron has gone to UTC time?)



On Tue, Feb 16, 1999 at 10:30:39AM +0100, Richard Braakman wrote:
> Wichert Akkerman wrote:
> > Previously Anthony Towns wrote:
> > > Another solution (with much niftier side effects) would be implementing
> > > the admintool thing (to avoid questions), and speeding up dpkg (to make
> > > the actual installation faster).
> >
> > But speeding up doesn't help, it only shortens the vulnerable timespan.
>
> Not necessarily.  The timespan can be reduced to zero.  dpkg can
> create the new file under a different name, set its permissions
> correctly, and then replace the old file in an atomic operation.
> I think this is how it operates right now.
>
> We'd only have to invent a way for the system administrator to
> override the permissions on specific files.  This could easily be much
> more powerful than the suidregister hooks we now have in specific
> packages.  We could have a tool like dpkg-setperms that overrides the
> mode and ownership of any file.

Actually all you would have to do is change suidmanager's name. I
already use it to maintain permissions on directories and other
binaries, not just suid ones.

--
Ben Collins - -------- --------- ----  -------  -----  - - ---   --------
UnixGroup Admin                               <b.m.collins@larc.nasa.gov>
Debian Developer          GNU/Linux                 <bcollins@debian.org>
OpenLDAP Core                                     <bcollins@openldap.org>
------ -- ----- - - -------   ------- -- The Choice of the GNU Generation



Reply to: