Bug#697438: linux-user-chroot Debian packaging
László Böszörményi (GCS) wrote:
> Also please note that the current state can be interpreted as some
> kind of security threat. Its binary installed as setuid and executable
> for everyone. A more safe solution would be a separate group and only
> its members would be allowed to execute linux-user-chroot .
Yup, I'm not sure how serious the threat may be, but restricting it a
bit would fine for me.
Note though that the Fedora package does not do that[1] and since it is
done by Colin I'm not sure if we want to diverge from it.
Asking Colin about the group restriction may be a good a idea.
[1] http://pkgs.fedoraproject.org/cgit/linux-user-chroot.git/tree/linux-user-chroot.spec#n32
Reply to: