Re: A question on setting setuid bit
On Wed, Jul 05, 2006 at 09:36:37AM +0100, Steve Kemp wrote:
> On Tue, Jul 04, 2006 at 08:37:52PM -0400, LEE, Yui-wah (Clement) wrote:
> > I am building a package in which one of the binary has
> > to have the setuid and setgid bits set. I wonder which
> > one of the following two is the more appropriate method
> > to use?
> It looks like you've got the answer to this already, but
> it is worth considering whether the bit needs to be set
> by default.
> Perhaps a debconf question like man-db, or cdrecord, could
> allow the user to disable/enable this.
Ugh, please don't. Seriously, as a regular user of those packages, I have
no idea whether it's *really* a good idea for those to be setuid or not -- I
vaguely know the risk/benefit from general knowledge, but assessing the risk
intelligently? No way. I'd bet that 99% of installations have whatever the
maintainer recommended setting (either recommended by default or perhaps the
wording of the question).
My personal preference would be for the maintainer to just take a stand, set
it or not, and let people who actually know what's going on to use
dpkg-statoverride to fix the problem to their satisfaction. (This actually
also applies to man-db and cdrecord, as it happens, but there's a lot of
inertia to overcome there).
> I'd want to be extremely sure that the package had no
> buggy code before installing it setuid/setgid. If you'd
> like somebody to check over the code for you, or as a
> second pair of eyes, then please consider asking the auditing
This is good advice.