
Re: dpkg-statoverride vs. suidmanager



Wichert Akkerman wrote:
> Previously Joey Hess wrote:
> > Idea -- how about making "dpkg-statoverride --import-from-suidregister pkg
> > file file file ..." call effectively the code you have written?
> 
> Sure, I could do that.

So a package needs to call that in its preinst, if a recent enough
version of dpkg is present.

What if such a package is upgraded using an older version of dpkg
though? It used to contain a binary that is registered with
suidregister. The new version of the package will contain the binary,
but the binary will be suid. 

If it detects that statoverride doesn't work, and does the old 
suidregister ritual in its postinst, there was a window where the
binary was temporarily suid, even if the user has overridden that
with suidmanager. 

Doing the suidregister stuff in the preinst is even worse, because then
dpkg will waltz in and install the newly suid binary, overriding the 
user's preferences.

So the only choice I can see is to require that all such packages that used 
to use suidregister have a versioned dependency on dpkg.

-- 
see shy jo


