Re: setuid/setgid binaries contained in the Debian repository.
On Sat, 2 Aug 2003 13:09:09 -0400, Matt Zimmerman <mdz@debian.org> said:
> On Fri, Aug 01, 2003 at 11:39:24PM -0500, Manoj Srivastava wrote:
>> You are now talking about putting things into policy that require
>> maintainerrs to change program behaviour to attain similar
>> functionality and features; and all the examples you quote are
>> about packaging details that are under our control completely.
> No, we are talking about recommending that developers discuss with
> other developers before making a change to their package which is
So, we do not need to discuss this if there is no change being
made, ie, packages which are already setgid games? Or if the package
being newly inducted depends on being sgid?
> likely to affect the security of every system where the package is
> installed. File permissions and program privileges are clearly a
> packaging matter. What is the nature of your objection?
You are being disengenuous. If a program needs to write files
shared by other users when it is run (save files, high score files,
macro definitions), and uses a group writable directory (after taking
precautions internally that the files being written ought to be
written to, etc), just changing the file permissions without changing
the program shall render the program unusable.
Making the dir world writable is not a solution, and indeed,
is worse for security.
manoj
--
>Ever heard of .cshrc? That's a city in Bosnia. Right? Discussion in
>comp.os.linux.misc on the intuitiveness of commands
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: