On Thu, Nov 30, 2000 at 09:31:12AM -0800, Joey Hess wrote: > If new packages ship suid binaries and the old suidregister is being > used, there is a window where binaries will be suid even if the admin > has turned off those permissions, and we should not allow that. Some more possibilities: * have dpkg 1.7.x conflict with suidmanager <= 0.45, suidmanager 0.46 depend on dpkg >= 1.7.x, so that suidmanager is upgraded along with dpkg. the new suidmanager could, perhaps, register all its settings with dpkg-statoverride. * have fallback code so that packages will try to use suidregister if dpkg-statoverride's not available so that at least the window where a binary is suid that shouldn't be is kept to between unpacking and configuring, rather than expanding to be permanent * have packages that ship binaries suid conflict with suidmanager <= 0.45, so that suidmanager and hence dpkg are also upgraded if it's installed. if suidmanager's not installed, the admin's evidenly happy with having all the binaries suid anyway. Cheers, aj -- Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/> I don't speak for anyone save myself. GPG signed mail preferred. ``Thanks to all avid pokers out there'' -- linux.conf.au, 17-20 January 2001
Attachment:
pgpM6JzkBC2CP.pgp
Description: PGP signature