[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: A question on setting setuid bit

On Wed, Jul 05, 2006 at 09:36:37AM +0100, Steve Kemp wrote:
> On Tue, Jul 04, 2006 at 08:37:52PM -0400, LEE, Yui-wah (Clement) wrote:
> > I am building a package in which one of the binary has
> > to have the setuid and setgid bits set.  I wonder which
> > one of the following two is the more appropriate method
> > to use?
>   It looks like you've got the answer to this already, but
>  it is worth considering whether the bit needs to be set
>  by default.
>   Perhaps a debconf question like man-db, or cdrecord, could
>  allow the user to disable/enable this.

Ugh, please don't.  Seriously, as a regular user of those packages, I have
no idea whether it's *really* a good idea for those to be setuid or not -- I
vaguely know the risk/benefit from general knowledge, but assessing the risk
intelligently?  No way.  I'd bet that 99% of installations have whatever the
maintainer recommended setting (either recommended by default or perhaps the
wording of the question).

My personal preference would be for the maintainer to just take a stand, set
it or not, and let people who actually know what's going on to use
dpkg-statoverride to fix the problem to their satisfaction.  (This actually
also applies to man-db and cdrecord, as it happens, but there's a lot of
inertia to overcome there).

>   I'd want to be extremely sure that the package had no
>  buggy code before installing it setuid/setgid.   If you'd
>  like somebody to check over the code for you, or as a
>  second pair of eyes, then please consider asking the auditing
>  people:
>     http://shellcode.org/mailman/listinfo/debian-audit

This is good advice.

- Matt

Reply to: