Re: shellutils grave bug
> > Found the problem: the slink version of debhelper didn't strip the
> > setuid bit from executables, the current potato version does. Fix:
> > dh_fixperms -Xbin/su
> >
> > NMU is currently in progress.
> That or use dh_suidregister.
>
> That is what I did in my own local copy of shellutils (way back when glibc2.1
> first came out w/ utmpd, and who and w didn't work)
I thought about that, but decided against it: su is a little too
important IMHO to trust to the vagaries of shell scripts. If
something breaks with suidregister or whatever -- whoosh! no /bin/su.
If a sysadmin wants something more secure or whatever, he should look
into secure-su.
But it's not my package; I've just uploaded a usable version, and it's
up to the maintainer where to go from here.
Julian
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
Debian GNU/Linux Developer, see http://www.debian.org/~jdg
Reply to: