Re: debhelper: dh_fixperms should come after dh_suidregister (was: Re: setgid stuff)
On Sun, Nov 28, 1999 at 12:13:55PM +1100, Brian May wrote:
> My observation (nothing more/less, however, probably a good idea
> in general):
>
> This means that it is the Debian maintainer's decision to have a
> SetUID program, not the upstream maintainer (as dh_fixperms overrides
> anything set by the upstream Makefile).
>
> At least, the Debian maintainer must be aware of programs that are
> SetUID.
It's a good point, and yes, a package maintainer *must* be aware of
every setuid/setgid program in their package. Each one presents a
potential security risk, and must be checked out: which user/group
should this executable run as? Does it really need to be
setuid/setgid? And so on. (For /bin/su the answer is yes, for
/usr/X11R6/bin/xlock, the answer would be no now that we have a
PAMified xlock.)
Julian
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Julian Gilbey, Dept of Maths, QMW, Univ. of London. J.D.Gilbey@qmw.ac.uk
Debian GNU/Linux Developer, see http://www.debian.org/~jdg
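
One way to carry out the check discussed in this message on a built package, as an added example that is not part of the original thread or of debhelper: it reads a `dpkg-deb --contents` listing and reports every setuid/setgid regular file, optionally against a maintainer-reviewed allowlist. The function names, the allowlist file format and the sample listing are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a built .deb for
# setuid/setgid programs. Real use: dpkg-deb --contents pkg.deb | list_setid

# Constructed sample in `dpkg-deb --contents` format; sizes, dates and the
# games path are made up.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x root/root         0 1999-11-28 12:00 ./bin/
-rwsr-xr-x root/root     20000 1999-11-28 12:00 ./bin/su
-rwxr-xr-x root/root     30000 1999-11-28 12:00 ./bin/ls
-rwsr-xr-x root/root     90000 1999-11-28 12:00 ./usr/X11R6/bin/xlock
-rwxr-sr-x root/games    15000 1999-11-28 12:00 ./usr/games/example game
drwxrwsr-x root/staff        0 1999-11-28 12:00 ./usr/local/
EOF
}

# Print "<kind> <owner/group> <path>" for each regular file whose mode has
# s/S in the owner-execute (setuid) or group-execute (setgid) slot.
list_setid() {
    awk '
    substr($1, 1, 1) != "-" { next }          # skip dirs, symlinks, devices
    {
        u = substr($1, 4, 1); g = substr($1, 7, 1); kind = ""
        if (u == "s" || u == "S") kind = "setuid"
        if (g == "s" || g == "S") kind = (kind == "" ? "setgid" : "setuid+setgid")
        if (kind == "") next
        path = $6; for (i = 7; i <= NF; i++) path = path " " $i
        print kind, $2, path
    }'
}

# Same input; print only entries whose path is not in the allowlist file $1
# (one reviewed path per line). Exit status 1 if anything was printed.
unexpected_setid() {
    list_setid | awk -v allow="$1" '
    BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
    {
        path = $3; for (i = 4; i <= NF; i++) path = path " " $i
        if (!(path in ok)) { print; bad = 1 }
    }
    END { exit bad + 0 }'
}

sample_listing | list_setid
```

Running `unexpected_setid` as a build-time check makes a newly appearing setuid or setgid bit fail the build until the maintainer has reviewed it and added the path to the allowlist.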