On Fri, 1 Aug 2003, Matt Zimmerman wrote:
> On Fri, Aug 01, 2003 at 08:20:40PM +0200, Josip Rodin wrote:
>
> > On Fri, Aug 01, 2003 at 02:15:26PM -0400, Matt Zimmerman wrote:
> > > it would be trivial to add lintian/linda warnings for this,
> >
> > There's already a warning for set[ug]id in Lintian.
>
> Ah, ok. But the point was that it will miss many cases. For example, I've
> never seen this warning in uml-utilities because it uses a
> dynamically-allocated gid and so must use chmod in postinst rather than
> setting permissions in the .deb. If this could be done at build time rather
> than at install time, the check would be perfect.

Andrew Suffield and I have plans to get rid of dynamic user creation in postinst, and chmod +s as well. preinst will create the user (by calling adduser), then the setuid-ness in the deb can be applied. This involves modifying dpkg-deb to read a list of permission overrides. See -policy.
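
The gap discussed in the quoted text, where a set[ug]id check on the .deb contents never sees bits that postinst applies with chmod, can be narrowed by also scanning the maintainer script. The following is an added example, not part of the original thread and not Lintian's code; the sample postinst, group name and paths are constructed placeholders, and multi-operator clauses such as u+s-w are not handled.

```python
import itertools
import re
import shlex

SYMBOLIC = re.compile(r'^[ugoa]*[+=][rwxXt]*s[rwxXst]*$')   # u+s, g+s, +s, ug=rxs
OCTAL = re.compile(r'^[0-7]{4,5}$')                         # 4755, 02755
OPTION = re.compile(r'^(-[Rfvc]+|--[a-z-]+(=.*)?)$')        # chmod's own flags
SEPARATORS = {'&&', '||', ';', '|', '&'}

def special_bits(mode):
    """Return which of setuid/setgid a chmod mode argument turns on."""
    if OCTAL.match(mode):
        special = int(mode, 8) >> 9                 # keep only the special-bit digit
        return {n for n, b in (('setuid', 4), ('setgid', 2)) if special & b}
    bits = set()
    for clause in mode.split(','):
        if SYMBOLIC.match(clause):
            who = re.split(r'[+=]', clause)[0] or 'a'   # bare "+s" means all
            bits |= {n for n, c in (('setuid', 'u'), ('setgid', 'g'))
                     if c in who or 'a' in who}
    return bits

def scan_maintainer_script(text):
    """Return (line number, bits, targets) for each chmod setting set[ug]id."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            words = shlex.split(line, comments=True)
        except ValueError:              # unbalanced quote: fall back to a plain split
            words = line.split()
        for i, word in enumerate(words):
            if word != 'chmod' and not word.endswith('/chmod'):
                continue
            # Arguments of this chmod only, up to the next shell separator.
            cmd = itertools.takewhile(lambda w: w not in SEPARATORS, words[i + 1:])
            args = [w.rstrip(';') for w in cmd if not OPTION.match(w)]
            bits = special_bits(args[0]) if args else set()
            if bits:
                findings.append((lineno, sorted(bits), args[1:]))
    return findings

# Constructed postinst; the group name and paths are placeholders.
SAMPLE_POSTINST = """#!/bin/sh
getent group example-grp >/dev/null || addgroup --system example-grp
chown root:example-grp /usr/lib/example/helper && chmod 4750 /usr/lib/example/helper
chmod 0755 /usr/bin/example-tool   # no special bits
chmod -R g+s /var/lib/example
"""

if __name__ == '__main__':
    print(*scan_maintainer_script(SAMPLE_POSTINST), sep='\n')
```

This is a static heuristic: modes built from shell variables or applied through other tools are not seen.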