On Thu, Nov 30, 2000 at 09:31:12AM -0800, Joey Hess wrote:
> If new packages ship suid binaries and the old suidregister is being
> used, there is a window where binaries will be suid even if the admin
> has turned off those permissions, and we should not allow that.
Some more possibilities:
* have dpkg 1.7.x conflict with suidmanager <= 0.45, suidmanager
0.46 depend on dpkg >= 1.7.x, so that suidmanager is upgraded
along with dpkg. the new suidmanager could, perhaps, register
all its settings with dpkg-statoverride.
* have fallback code so that packages will try to use suidregister
if dpkg-statoverride's not available so that at least the
window where a binary is suid that shouldn't be is kept to
between unpacking and configuring, rather than expanding to be
permanent
* have packages that ship binaries suid conflict with suidmanager
<= 0.45, so that suidmanager and hence dpkg are also upgraded
if it's installed. if suidmanager's not installed, the admin's
evidenly happy with having all the binaries suid anyway.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.
``Thanks to all avid pokers out there''
-- linux.conf.au, 17-20 January 2001
Attachment:
pgpM6JzkBC2CP.pgp
Description: PGP signature