
FWD: ugh, ugh. Needs to provide /etc/suid.conf and /usr/sbin/suidregister



I really wish I hadn't just discovered this problem today. Anyhow, if
you have a package that has a suidregister call like this in its
postinst, *please* convert to using statoverride ASAP.

----- Forwarded message from Joey Hess <joeyh@debian.org> -----

From: Joey Hess <joeyh@debian.org>
Date: Sun, 04 Feb 2001 14:32:29 -0800
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ugh, ugh. Needs to provide /etc/suid.conf and /usr/sbin/suidregister
X-Mailer: reportbug 1.11

Package: suidmanager
Version: 0.50
Severity: important

We forgot something in the suidmanager -> statoverride transition.
Existing packages will have code like this in them:

if [ -e /etc/suid.conf -a -x /usr/sbin/suidregister ]
then
    suidregister -s apache-common /usr/bin/htpasswd root root 755
    suidregister -s apache-common /usr/lib/apache/suexec root root 4755
else
    chown root.root /usr/lib/apache/suexec
    chmod 4755 /usr/lib/apache/suexec
fi

So if suidmanager is upgraded first and then a new version of such a package
is upgraded to, the result is that the second branch of the if is run, and
any overriding of the permissions they may have done by either suidmanager
or statoverride will be reset to default. I'm ashamed I didn't think of this
problem earlier.

The fix should be two-pronged. First, this package should include an empty
/etc/suid.conf (touch it in the postinst; it shouldn't be a conffile), and
a /usr/sbin/suidregister that does nothing. Second, all packages in unstable
should be converted ASAP to not include that code. The second is coming along
fairly well, but we need the first to be done now.

-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux kite 2.4.0 #1 Sat Jan 6 13:16:16 PST 2001 i686

Versions of packages suidmanager depends on:
ii  dpkg                          1.8.3.1    Package maintenance system for Deb

----- End forwarded message -----

-- 
see shy jo
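The statoverride-based replacement for the postinst fragment quoted in the forwarded bug, as an added example that is not code from the original mail or from the suidmanager or apache-common packages; the STATOVERRIDE_LIST variable and the fake_statoverride_list stand-in are assumptions introduced here so the helper can be run on a machine without dpkg.

```shell
#!/bin/sh
# Added example, not code from the original mail or from the suidmanager or
# apache-common packages: apply a package's default owner/group/mode only when
# dpkg-statoverride has no entry for the file, so an override set by the local
# admin (or carried over from suidmanager) is never reset by the postinst.

# Command used to query the override database (assumption: a variable only so
# the helper can be exercised with a stand-in on a machine without dpkg).
: "${STATOVERRIDE_LIST:=dpkg-statoverride --list}"

# apply_default_perms FILE OWNER GROUP MODE
# Returns 0 when the defaults were applied, 1 when an override was honoured.
apply_default_perms() {
    # dpkg-statoverride --list exits non-zero if no override is registered.
    if $STATOVERRIDE_LIST "$1" >/dev/null 2>&1; then
        echo "override registered for $1, leaving permissions alone" >&2
        return 1
    fi
    chown "$2:$3" "$1" && chmod "$4" "$1"
}

# Octal mode of a file (GNU coreutils stat; assumed available).
file_mode() { stat -c '%a' "$1"; }

# Stand-in for "dpkg-statoverride --list" (constructed for this demo): treats
# every path listed in FAKE_OVERRIDES, one per line, as registered.
fake_statoverride_list() {
    printf '%s\n' "$FAKE_OVERRIDES" | grep -Fqx -- "$1"
}

# Demo on constructed temporary files: suexec has an override, htpasswd does not.
demo() {
    dir=$(mktemp -d) || return 1
    touch "$dir/suexec" "$dir/htpasswd"
    chmod 700 "$dir/suexec" "$dir/htpasswd"      # locally hardened beforehand
    FAKE_OVERRIDES="$dir/suexec"
    STATOVERRIDE_LIST=fake_statoverride_list
    me=$(id -un) mygrp=$(id -gn)                 # chown to self needs no root
    apply_default_perms "$dir/suexec"   "$me" "$mygrp" 4755 || true
    apply_default_perms "$dir/htpasswd" "$me" "$mygrp" 755
    echo "suexec:   $(file_mode "$dir/suexec") (override kept)"
    echo "htpasswd: $(file_mode "$dir/htpasswd") (package default applied)"
    rm -rf "$dir"
}

demo
```

In a real postinst only apply_default_perms (with the real dpkg-statoverride) is needed; the old test for /etc/suid.conf and the unconditional chown/chmod fallback go away entirely.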