
Re: setuid/setgid binaries contained in the Debian repository.



On Thu, Jul 31, 2003 at 06:37:53PM +0100, Steve Kemp wrote:

> On Thu, Jul 31, 2003 at 12:55:28PM -0400, Joey Hess wrote:
> > I also think it would be a good idea for policy to require all
> > setuid/gid bit grants to go through this or another list for peer
> > review, much as pre-depends are supposed to.
> 
>   I was thinking of approaching that problem a different way.
>   
>   In the same way that apt-listchanges shows a package's changelog
>  at install time, I could see a script 'apt-listsetuid' which would
>  warn the admin at install time if any new setuid/setgid applications
>  were being installed.

I use checksecurity for this; it runs from cron (daily by default) and
notifies me whenever there is a change in the list of setuid and setgid
programs on the system.

-- 
 - mdz
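
The approach mentioned in the message above (keep a list of setuid/setgid programs and report when it changes), as an added example that is not part of the original post and is not checksecurity's own code. The function names `list_suid` and `check_suid` and the snapshot file argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not checksecurity's own code. Function names are hypothetical.

# Print every regular file under directory $1 that has the setuid or
# setgid bit set, one path per line, sorted for comparison with comm.
# -xdev keeps find on one filesystem; paths containing newlines are
# not handled by this line-based format.
list_suid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
        LC_ALL=C sort
}

# Compare the current list under $1 with the snapshot file $2.
# Prints "+ path" for files that newly carry a bit and "- path" for
# files that lost it or were removed, then replaces the snapshot.
# Prints nothing when the list is unchanged, so cron sends no mail.
check_suid() {
    cs_new=$(mktemp) || return 2
    list_suid "$1" > "$cs_new"
    [ -f "$2" ] || : > "$2"      # first run: every entry is reported as new
    LC_ALL=C comm -13 "$2" "$cs_new" | sed 's/^/+ /'
    LC_ALL=C comm -23 "$2" "$cs_new" | sed 's/^/- /'
    mv "$cs_new" "$2"
}

# Stand-alone use: sh script.sh ROOT SNAPSHOT
if [ "$#" -eq 2 ]; then
    check_suid "$1" "$2"
fi
```

Run from a daily cron job, any output is mailed to the job's owner; keep the snapshot file somewhere only root can write, since whoever can edit it can hide a change.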


