Re: Advice packaging jazip (suid!!)
On Mon, Nov 16, 1998 at 04:30:02PM -0500, Peter S Galbraith wrote:
> Marcus Brinkmann wrote:
> > On Fri, Nov 13, 1998 at 10:38:02AM -0500, Peter S Galbraith wrote:
> > > 3- suid:
> > >
> > > jazip is usually suid root such that users can u/mount disks.
> > > Should I create a new jazip group to get around that? I suppose it
> > > would need to own the raw scsi device and mount points, but I can play
> > > around with that to figure it out.
> > The device files are owned by group disk. Please leave this decision to the
> > sysadmin. He can always add users he trusts to group disk, or change the
> > group layout. Do not ship the binary setuid. I wouldn't even register it
> > setuid in the postinst.
> jazip was written with suid in mind. It reimplements the mount command to
> do this securely. The first thing jaZip does when it starts is read the
> hardware vendor string to make sure that the device it's operating on is an
> Iomega drive (so that someone couldn't try to use jaZip to mount some other
> device on the system without root). These were features that were put in
> so that suid could be safely set without introducing security problems.
I see... but:
> I think that creating a new group `jazip' that would own the raw scsi
> device would provide comparable security to having jazip suid root, but not
> simply adding users to group disk. If we simply put users in group `disk',
> this creates a security hole since they will have read-access to raw scsi
> disks other than the zip and jaz disk.
You say "the raw scsi device". This would require a way to autodetect it or
to ask the sysadmin in the postinst script. I don't know which is
preferable... sorry, but I think deciding about this issue is stretching my
capabilities. Other, more capable, people on this list will hopefully
comment on this.
> > > Since a device is usually required as argument, what do I do for the
> > > `menu' entry? Should I create a conf file in /etc and a shell script
> > > that parses it? Or should I create a jazipconfig script to do something
> > > like that (and what should it do?)
> > I would prefer the conf file. You could supply a jadeconfig script also
> > until we have a more general configuration setup approach.
> Is `jadeconfig' a typo?
Yes, indeed :) Sorry. (jadetex is a package of mine).
> Any suggestion as to what the config script should look like? Does another
> package do something similar?
Key/value pairs should do it. There are lots of examples. It depends on whether
you want to use a shell script or Perl.
> > > 2- mount points:
> > >
> > > The mount points for Zip and Jaz disks are hardwired as /zip and /jaz.
> > > Should the deb package create /zip and /jaz mount points?
> > > What if they already exist and aren't empty?
> > > This should be done in postinst, right?
> > Please add a configuration option in the conf file. Even if it would require
> > changing the upstream source, this would be preferable. Packages must not
> > create directories in the root dir.
> So the `package' can't, but the executable or config script can?
Mmmh. Just ask the sysadmin for the mountpoint, he can create it himself (or
ask him if he wants the script to do it for him). No package must contain a
directory in / besides the ones that are already there.
> > > Should I put _all_ supplied icons in /usr/X11R6/include/X11/pixmaps ?
> > > Or in /usr/doc/jazip/icons ?
> > Please explain what the supplied icons are for. Normally, yes, all in
> > pixmaps, so they are available if needed.
> They are available for use on various window managers (but no configuration
> is provided, except for the one I put in `menu')
Maybe we can add the configuration later? Please put them in the pixmaps
directory. They would just clutter up /usr/doc.
"Rhubarb is no Egyptian god."
Marcus Brinkmann
Marcus.Brinkmann@ruhr-uni-bochum.de
http://homepage.ruhr-uni-bochum.de/Marcus.Brinkmann/
Debian GNU/Linux http://www.debian.org
finger brinkmd@master.debian.org for public PGP Key (PGP Key ID 36E7CD09)
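On the key/value config file suggested in the thread: as an added example, not code from the thread or from the jazip package, here is a POSIX sh reader for such a file that parses and validates each line instead of sourcing it, so the file can only supply paths and never commands. The key names DEVICE and MOUNTPOINT, the file name jazip.conf and the sample values are assumptions.

```shell
#!/bin/sh
# Read a jazip.conf-style key=value file line by line rather than sourcing it
# with ".", so a stray shell command in the file can never execute.
# Prints "KEY VALUE" per accepted entry; returns 1 if any line is rejected.
# Accepted key names (assumed, not from the package): DEVICE, MOUNTPOINT.
jazip_parse_conf() {
    conf=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        key=${line%%=*}
        val=${line#*=}
        if [ "$key" = "$line" ]; then                # no '=' on this line
            echo "jazip.conf: malformed line: $line" >&2; status=1; continue
        fi
        case "$key" in
            DEVICE|MOUNTPOINT) ;;
            *) echo "jazip.conf: unknown key: $key" >&2; status=1; continue ;;
        esac
        # Values become arguments to a setuid helper or to mount, so insist on
        # an absolute path built from a small safe character set.
        case "$val" in
            /*) ;;
            *) echo "jazip.conf: $key must be an absolute path" >&2
               status=1; continue ;;
        esac
        case "$val" in
            *[!A-Za-z0-9/._-]*)
                echo "jazip.conf: $key contains unsafe characters" >&2
                status=1; continue ;;
        esac
        printf '%s %s\n' "$key" "$val"
    done < "$conf"
    return $status
}

# Fetch one key's value from the accepted entries; prints nothing if absent.
jazip_conf_get() {
    jazip_parse_conf "$1" 2>/dev/null | while read -r k v; do
        if [ "$k" = "$2" ]; then printf '%s\n' "$v"; fi
    done
}

# Demo on a constructed sample file (device and mount point are made up).
demo=$(mktemp) || exit 1
printf 'DEVICE=/dev/sda4\nMOUNTPOINT=/mnt/zip\n' > "$demo"
jazip_parse_conf "$demo"
rm -f "$demo"
```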