Re: shellutils grave bug

To: brian@cicat.com (Brian Almeida)
Cc: J.D.Gilbey@qmw.ac.uk, debian-devel@lists.debian.org
Subject: Re: shellutils grave bug
From: Julian Gilbey <J.D.Gilbey@qmw.ac.uk>
Date: Thu, 3 Jun 1999 00:16:34 +0100 (BST)
Message-id: <[🔎] E10pKFO-0006oK-00@polya>
In-reply-to: <[🔎] 19990602134738.A712@debian.org> from Brian Almeida at "Jun 2, 1999 1:47:38 pm"

> > Found the problem: the slink version of debhelper didn't strip the
> > setuid bit from executables, the current potato version does.  Fix:
> >   dh_fixperms -Xbin/su
> > 
> > NMU is currently in progress.
> That or use dh_suidregister.
> 
> That is what I did in my own local copy of shellutils (way back when glibc2.1
> first came out w/ utmpd, and who and w didn't work)

I thought about that, but decided against it: su is a little too
important IMHO to trust to the vagaries of shell scripts.  If
something breaks with suidregister or whatever -- whoosh! no /bin/su.
If a sysadmin wants something more secure or whatever, he should look
into secure-su.

But it's not my package; I've just uploaded a usable version, and it's
up to the maintainer where to go from here.

   Julian

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

  Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
        Debian GNU/Linux Developer,  see http://www.debian.org/~jdg

Reply to:

Follow-Ups:
- Re: shellutils grave bug
  - From: Edward Betts <edward@debian.org>

References:
- Re: shellutils grave bug
  - From: Brian Almeida <brian@cicat.com>

Prev by Date: Re: Killer floppy
Next by Date: Re: #38544: Gettext solution (Was: Re: gettext packages)
Previous by thread: Re: shellutils grave bug
Next by thread: Re: shellutils grave bug
Index(es):
- Date
- Thread