[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#58640: wrapper does not handle fakeroot well

On Wed, Feb 23, 2000 at 12:49:16AM -0900, Ethan Benson wrote:
> as you can see if we get uid man then we just just chmod the man
> binary writable just fine and write to it. the only way to protect man

OK.

It seems to me that this is a very complicated solution which is
just trying to prevent problems in case an exploit were found in man.

So man is exploited, what can happen? Use the wrapper script to ensure
that man always runs setuid (and never as root), perhaps. Otherwise
we're trying to solve a problem we don't even have yet. If we did
this with every package, especially the kernel, we'd have a lot of
work to do. 

It might be quicker just to audit the code!

Better yet, make man client/server :-o


Hamish
-- 
Hamish Moffatt VK3SB. CCs of replies on mailing lists are welcome.
Reply to: