
Re: Advice packaging jazip (suid!!)
Marcus Brinkmann wrote:

> On Fri, Nov 13, 1998 at 10:38:02AM -0500, Peter S Galbraith wrote:

> > 3- suid:  
> > 
> >    jazip is usually suid root such that users can u/mount disks.
> >    Should I create a new jazip group to get around that?  I suppose it
> >    would need to own the raw scsi device and mount points, but I can play
> >    around with that to figure it out.
> 
> The device files are owned by group disk. Please leave this decision to the
> sysadmin. He can always add users he trusts to group disk, or change the
> group layout. Do not ship the binary setuid. I wouldn't even register it
> setuid in the postinst.

jazip was written with suid in mind.  It reimplements the mount command to
do this securely.  The first thing jaZip does when it starts is read the
hardware vendor string to make sure that the device it's operating on is an
Iomega drive (so that someone couldn't try to use jaZip to mount some other
device on the system without root).  These were features that were put in
so that suid could be safely set without introducing security problems.

I think that creating a new group `jazip' that would own the raw scsi
device would provide comparable security to having jazip suid root, but not
simply adding users to group disk.  If we simply put users in group `disk',
this creates a security hole since they will have read-access to raw scsi
disks other than the zip and jaz disk.

The author thinks it's safe to leave jazip suid-root.

Comments? 

> > 1- what to use as a menu entry:
> > 
> >    the command usage is
> > 
> >        $ jazip [raw_scsi_device]
> > 
> >    Since a device is usually required as argument, what do I do for the
> >    `menu' entry?  Should I create a conf file in /etc and a shell script
> >    that parses it?  Or should I create a jazipconfig script to do something
> >    like that (and what should it do?) 
> 
> I would prefer the conf file. You could supply a jadeconfig script also
> until we have a more general configuration setup approach.

Is `jadeconfig' a typo?
Any suggestion as to what the config script should look like?  Does another
package do something similar?
  
> > 2- mount points:  
> > 
> >    The mount points for Zip and Jaz disks are hardwired as /zip and /jaz.
> >    Should the deb package create /zip and /jaz mount points?
> >    What if they already exist and aren't empty?
> >    This should be done in postinst, right?
> 
> Please add a configuration option in the conf file. Even if it would require
> changing the upstream source, this would be preferable. Packages must not
> create directories in the root dir.

So the `package' can't, but the executable or config script can?

> >    Should I put _all_ supplied icons in /usr/X11R6/include/X11/pixmaps ?
> >    Or in /usr/doc/jazip/icons ?
> 
> Please explain what the supplied icons are for. Normally, yes, all in
> pixmaps, so they are available if needed.

They are available for use on various window managers (but no configuration
is provided, except for the one I put in `menu')
-- 
Peter Galbraith, research scientist          <GalbraithP@dfo-mpo.gc.ca>
Maurice Lamontagne Institute, Department of Fisheries and Oceans Canada
P.O. Box 1000, Mont-Joli Qc, G5H 3Z4 Canada. 418-775-0852 FAX: 775-0546
    6623'rd GNU/Linux user at the Counter - http://counter.li.org/ 
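The thread above weighs three layouts for the raw SCSI device node: a setuid-root jazip, a dedicated `jazip' group owning the node, or membership in group `disk' (which Peter notes hands out read access to every raw disk). The script below is an added example, not code from jazip or from this thread; it checks a device node against the dedicated-group layout (owner root, group jazip, mode 0660) and lists what a given group can read under a directory, so the `disk'-group exposure can be measured rather than guessed. It assumes POSIX `ls -l' column layout and paths without spaces; the device path, owner and group names are arguments.

```sh
#!/bin/sh
# Added example (not from jazip or this thread). Assumes POSIX `ls -ld`
# output: "perms links owner group size date name", paths without spaces.

# Verify that DEV follows the dedicated-group layout: owner WANT_OWNER,
# group WANT_GROUP, mode rw-rw---- (no access for others, no set-id bits).
# Returns 0 when the layout matches, 1 with a reason otherwise.
check_device_access() {
    dev=$1; want_owner=$2; want_group=$3
    [ -e "$dev" ] || { echo "$dev: missing"; return 1; }
    set -- $(ls -ld "$dev")          # $1=perms $3=owner $4=group
    perms=$1; owner=$3; group=$4
    case $perms in
        ?rw-rw----*) ;;              # exactly owner rw, group rw, others none
        *) echo "$dev: mode is $perms, want rw-rw----"; return 1 ;;
    esac
    [ "$owner" = "$want_owner" ] ||
        { echo "$dev: owner $owner, want $want_owner"; return 1; }
    [ "$group" = "$want_group" ] ||
        { echo "$dev: group $group, want $want_group"; return 1; }
    return 0
}

# Print every entry under DIR whose group is GRP and whose group bits grant
# read access: that is the set of raw devices a member of GRP could dump.
list_group_readable() {
    grp=$1; dir=$2
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        set -- $(ls -ld "$f")        # 5th char of $1 is the group read bit
        case $1 in
            ????r*) [ "$4" = "$grp" ] && echo "$f" ;;
        esac
    done
}
```

Run as `check_device_access /dev/sdX root jazip` after the postinst (or the admin) has applied the group layout; `list_group_readable disk /dev` shows what adding a user to `disk' would expose.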