Re: dpkg-statoverride vs. suidmanager

To: debian-devel@lists.debian.org
Subject: Re: dpkg-statoverride vs. suidmanager
From: Joey Hess <joeyh@debian.org>
Date: Thu, 30 Nov 2000 09:52:33 -0800
Message-id: <[🔎] 20001130095233.C4302@silk.kitenet.net>
Mail-followup-to: Joey Hess <joeyh@debian.org>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 20001130121421.B4259@cistron.nl>; from wichert@cistron.nl on Thu, Nov 30, 2000 at 12:14:21PM +0100
References: <[🔎] 20001129171244.U25201@kitenet.net> <[🔎] 20001130021853.I2589@cistron.nl> <[🔎] 20001129172618.V25201@kitenet.net> <[🔎] 20001129172753.W25201@kitenet.net> <[🔎] 20001130023242.A8106@cistron.nl> <[🔎] 20001129182113.X25201@kitenet.net> <[🔎] 20001130033230.A12983@cistron.nl> <[🔎] 20001129183729.Z25201@kitenet.net> <[🔎] 20001130104128.C12395@atrey.karlin.mff.cuni.cz> <[🔎] 20001130121421.B4259@cistron.nl>

Wichert Akkerman wrote:
> Previously Petr Cech wrote:
> > so if it checks, then all you need to do is NOT convert, when you encounter an
> > old dpkg
> 
> you mean call suidregister/unregister conditionally depending on the
> version of dpkg installed? I guess you can do that; it does complicate
> the maintainer scripts though.

No, that won't work. Consider:

1. Package foo is installed, with binary bar, that is suid by default,
   but I have overridden to remove all suidness because I consider that is a
   security hole.
2. Foo is updated for statoverride support. This means that bar is now
   suid inside the deb file itself.
3. I upgrade foo. The package is unpacked. Bar is now suid.

4a. Foo's postinst is run. Since I have not yet upgraded to a dpkg that
    supports statoverride, the old suidregister stuff fires, removing the
    suid bit as I told it to.
 or
4b. Foo's postinst is run. Since I have upgraded to the new dpkg the
    other day, the suidregister stuff calls statoverride, removing the
    suid bit as I told it to.

Unfortunatly, between 3 and 4a or 4b, there is a (possibly long) window
where bar is suid, against my express wishes.

Now we could not ship bar suid in the deb and just let
suidregister/statoverride make it suid in the postinst, but then we have
lost most of the gain of statoverride.

-- 
see shy jo

Reply to:

References:
- Re: dpkg-statoverride vs. suidmanager
  - From: Joey Hess <joeyh@debian.org>
- Re: dpkg-statoverride vs. suidmanager
  - From: Wichert Akkerman <wichert@valinux.com>
- Re: dpkg-statoverride vs. suidmanager
  - From: Joey Hess <joeyh@debian.org>
- Re: dpkg-statoverride vs. suidmanager
  - From: Joey Hess <joeyh@debian.org>
- Re: dpkg-statoverride vs. suidmanager
  - From: Wichert Akkerman <wichert@cistron.nl>
- Re: dpkg-statoverride vs. suidmanager
  - From: Joey Hess <joeyh@debian.org>
- Re: dpkg-statoverride vs. suidmanager
  - From: Wichert Akkerman <wichert@cistron.nl>
- Re: dpkg-statoverride vs. suidmanager
  - From: Joey Hess <joeyh@debian.org>
- Re: dpkg-statoverride vs. suidmanager
  - From: Petr Cech <cech@atrey.karlin.mff.cuni.cz>
- Re: dpkg-statoverride vs. suidmanager
  - From: Wichert Akkerman <wichert@cistron.nl>

Prev by Date: Re: dpkg-statoverride vs. suidmanager
Next by Date: Re: dpkg-statoverride vs. suidmanager
Previous by thread: Re: dpkg-statoverride vs. suidmanager
Next by thread: Re: dpkg-statoverride vs. suidmanager
Index(es):
- Date
- Thread