
Re: dpkg-buildpackage (-rfakeroot) leaves setuid binaries

thus spoke Christian Jaeger <christian.jaeger@sl.ethz.ch> [2002.01.22.0111 +0100]:
> Now you may say "don't build packages as root, use fakeroot instead". 
> Well I have always used it, and somehow thought I'm safe, but I'm 
> not: the permissions modes (like 4755) make it through to the real 
> filesystem, only the owner/group is faked. Thus I'm left with 
> binaries setuid *me* or setgid *my group* afterwards. That's only 
> slightly better than root, since I'm also the admin and once my 
> account is hijacked it's not far from being root.

why are your build directories accessible to the world? a simple
chmod 0700 ~/deb/build fixes all these problems for me, and

> It seems the only way around this (currently) is to compile packages 
> in a directory with 0700 permissions.

and? what's so wrong with that?

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"it appears that pl/i (and its dialects) is, or will be, the most widely
 used higher level language for systems programming."
                                                          -- j. sammet
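
An added example, not part of the original message: a shell check for the situation discussed in this thread. It lists setuid/setgid files left in a build tree and reports whether the build directory is closed to group and other (mode 0700, as suggested above). The function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): audit a package build tree for
# setuid/setgid files whose mode bits reached the real filesystem.

# List regular files under $1 carrying the setuid (4000) or setgid (2000) bit.
list_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Succeed only if directory $1 grants no permission bit to group or other
# (0700 or stricter). -prune keeps find from descending into the tree.
dir_is_private() {
    [ -d "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
            -o -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Exit status (this example's own convention):
#   0  no setuid/setgid files found
#   1  found, but the build directory is private, so other unprivileged
#      users cannot traverse into it
#   2  found, and the build directory is open to group or other
audit_build_tree() {
    root=$1
    hits=$(list_suid_sgid "$root")
    [ -n "$hits" ] || return 0
    printf '%s\n' "$hits"
    if dir_is_private "$root"; then
        return 1
    fi
    echo "warning: $root is accessible to group/other; consider chmod 0700" >&2
    return 2
}

# Run the audit when a build directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_build_tree "$1"
fi
```
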
