On Tue, Jul 04, 2006 at 08:37:52PM -0400, LEE, Yui-wah (Clement) wrote: > I am building a package in which one of the binary has > to have the setuid and setgid bits set. I wonder which > one of the following two is the more appropriate method > to use? It looks like you've got the answer to this already, but it is worth considering whether the bit needs to be set by default. Perhaps a debconf question like man-db, or cdrecord, could allow the user to disable/enable this. I'd want to be extremely sure that the package had no buggy code before installing it setuid/setgid. If you'd like somebody to check over the code for you, or as a second pair of eyes, then please consider asking the auditing people: http://shellcode.org/mailman/listinfo/debian-audit Steve --
Attachment:
signature.asc
Description: Digital signature