Re: A question on setting setuid bit

Thibaut Paumard <paumard@users.sourceforge.net> wrote:

> On Thursday 06 July 2006 at 07:36 +1000, Matthew Palmer wrote:
> [about suid bits]
>> My personal preference would be for the maintainer to just take a stand, set
>> it or not, and let people who actually know what's going on use
>> dpkg-statoverride to fix the problem to their satisfaction.  (This actually
>> also applies to man-db and cdrecord, as it happens, but there's a lot of
>> inertia to overcome there).
> In that case, does it make sense to prompt the admin once from the
> postinst script with a message such as:
> "Warning: <such file> from <such package> installed with suid bit.  If
> this is unacceptable at your site, use dpkg-statoverride to clear this
> bit." ?

I don't think so.  If it is important enough to justify such a warning,
the default should rather be not to set the setuid bit.  On the other
hand, if it isn't so important, a note in README.Debian (and the
relevant manpages) is sufficient.
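
The dpkg-statoverride route mentioned in the thread, as an added example that is not part of the original messages: a small audit helper that lists setuid files under a directory and prints (without running) the override command that would clear the bit on each. The function names are hypothetical; GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here changes any file:
# it only prints commands for the admin to review and run as root.

# clear_suid_mode MODE
# Print the octal MODE with the setuid bit (04000) cleared; other
# bits, including setgid and sticky, are kept.
clear_suid_mode() {
    printf '%04o\n' "$(( 0$1 & ~04000 ))"
}

# suid_override_cmds DIR
# For each regular file under DIR with the setuid bit set, print a
# dpkg-statoverride command that keeps owner and group and drops setuid.
# Limitation: paths containing newlines are not handled, and paths are
# printed unquoted.
suid_override_cmds() {
    find "$1" -xdev -type f -perm -4000 \
        -exec stat -c '%a %U %G %n' {} + |
    while read -r mode user group path; do
        printf 'dpkg-statoverride --update --add %s %s %s %s\n' \
            "$user" "$group" "$(clear_suid_mode "$mode")" "$path"
    done
}

# When called with a directory argument, print the commands for it.
if [ "$#" -gt 0 ]; then
    suid_override_cmds "$1"
fi
```

An override registered this way is stored by dpkg and reapplied on package upgrades, which is why the thread treats it as the admin's tool for disagreeing with a maintainer's default.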

