dchroot setuid binary is intentional

To: lintian-maint@debian.org
Subject: dchroot setuid binary is intentional
From: David Kimdon <dwhedon@debian.org>
Date: Sat, 18 Jan 2003 16:12:11 -0800
Message-id: <[🔎] 20030119001210.GA2105@kimdon.org>

Hi,

Lintian is reporting that dchroot has a setuid binary.  I would like
to add an override:

dchroot: setuid-binary usr/bin/dchroot 4755 root/root

Justification follows:

1. dchroot needs to call chroot(), which will only succeed if the
effective UID is zero.

2. dchroot is careful to only allow users to chroot to paths specified
in /etc/dchroot/conf which is only writable by root. 

3. dchroot has been written carefully.  I've asked others to look over
the code.  If there is a way to make it do something bad, I don't know
it.

Thanks for your time,

David

Reply to:

Prev by Date: Nur alleine lesen ;-)
Next by Date: Policy Version
Previous by thread: Nur alleine lesen ;-)
Next by thread: Policy Version
Index(es):
- Date
- Thread