Re: svgalib and SUID

To: Debian-Devel Mailing List <debian-devel@lists.debian.org>
Subject: Re: svgalib and SUID
From: Richard Braakman <dark@xs4all.nl>
Date: Wed, 12 Dec 2001 00:37:34 +0200
Message-id: <[🔎] 20011211223734.GB1093@cs140102.pp.htv.fi>
In-reply-to: <[🔎] 20011211143537.GA22214@cs.binghamton.edu>
References: <[🔎] 20011211143537.GA22214@cs.binghamton.edu>

On Tue, Dec 11, 2001 at 09:35:37AM -0500, Steaphan Greene wrote:
> -If this program must be SUID root, how do I "register" it so it is
>  known to be kosher with the system (I have seen conflicting docs on
>  this one, so I am not sure).

Hmm.  Normally, you just include it in the package with the suid bit
set, and the admin can use dpkg-statoverride to change it.  If the
program is useful even without suid, then I suggest shipping it without.

However, has anyone reviewed this program for security?  A new suid root
program should be looked at by several pairs of eyes.  And even then it's
not a good idea :-)

-- 
Richard Braakman
Will write free software for money.
See http://www.xs4all.nl/~dark/resume.html

Reply to:

Follow-Ups:
- Re: svgalib and SUID
  - From: Steaphan Greene <stea@cs.binghamton.edu>

References:
- svgalib and SUID
  - From: Steaphan Greene <stea@cs.binghamton.edu>

Prev by Date: Re: Bug#123234: Deprecate BTS "close" command?
Next by Date: simpleinit from util-linux (was Re: chkconfig for Debian)
Previous by thread: svgalib and SUID
Next by thread: Re: svgalib and SUID
Index(es):
- Date
- Thread