
Re: Policy question



the debian policy states that you shouldn't make suid programs unreadable to
the world; the idea behind ever doing such a thing on nonfree systems is
that the program may have security holes that could be exploited by users
that examined the program carefully.  the policy tells you not to do this
because the world can read the file in question anyway by getting the free
package directly.  however, making a directory unreadable/executable to
the world serves a different purpose, that is, restricting setuid execute
permission (albeit in a very roundabout way due to the flaw in unix that
a program can only set {u,g}id to its owner/group).  people who do not have
root privilege on the system can *not* simply download the package themselves
to bypass the security, since they can not make the program setuid
listar.  therefore i think that if it is really necessary to make a file
setgid to one group and give another group permission to run it (i agree
with jules that this is ugly, and should be replaced by a full-time daemon
that will only communicate with an mta) then making a directory un-enterable
is acceptable.
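
The arrangement described in the message above, modelled as an added example that is not part of the original post: a setgid binary sits inside a directory that only one other group may enter. The numeric ids, the `MTA` group and the names `Node`, `User`, `allowed` and `egid_after_exec` are constructed for illustration; only the name listar comes from the message.

```python
import stat
from collections import namedtuple

# Constructed ids for illustration; only the name "listar" is from the message.
ROOT, MTA, LISTAR, ALICE = 0, 8, 110, 1000
Node = namedtuple("Node", "uid gid mode")   # owner, group, permission bits
User = namedtuple("User", "uid gids")       # gids[0] is the primary group

def allowed(user, node, bit):
    """Classic Unix check: exactly one class (owner, group, other) applies."""
    if user.uid == ROOT:
        return True                  # simplification: root is not restricted
    if user.uid == node.uid:
        shift = 6                    # owner bits
    elif node.gid in user.gids:
        shift = 3                    # group bits
    else:
        shift = 0                    # other bits
    return bool(node.mode & (bit << shift))

def egid_after_exec(user, directory, binary):
    """Effective gid the new process gets, or None if the exec is refused."""
    if not allowed(user, directory, 1):   # search (x) permission on the directory
        return None
    if not allowed(user, binary, 1):      # execute (x) permission on the file
        return None
    if binary.mode & stat.S_ISGID:
        return binary.gid                 # setgid: run with the file's group
    return user.gids[0]

# Installed layout: directory root:MTA 0750, binary listar:listar 2755.
locked_dir = Node(ROOT, MTA, 0o750)
wrapper = Node(LISTAR, LISTAR, 0o2755)
# A private copy unpacked by an unprivileged user is owned by that user.
home_dir = Node(ALICE, ALICE, 0o755)
own_copy = Node(ALICE, ALICE, 0o2755)

mta_user = User(MTA, (MTA,))
alice = User(ALICE, (ALICE,))

if __name__ == "__main__":
    print("mta via locked dir :", egid_after_exec(mta_user, locked_dir, wrapper))
    print("alice via locked dir:", egid_after_exec(alice, locked_dir, wrapper))
    print("alice, private copy :", egid_after_exec(alice, home_dir, own_copy))
```

The private copy runs, but its setgid bit can only grant the group of a file its unprivileged owner created, so it never yields the listar group.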

