On Wed, Jul 05, 2006 at 09:36:37AM +0100, Steve Kemp wrote: > On Tue, Jul 04, 2006 at 08:37:52PM -0400, LEE, Yui-wah (Clement) wrote: > > > I am building a package in which one of the binary has > > to have the setuid and setgid bits set. I wonder which > > one of the following two is the more appropriate method > > to use? > > It looks like you've got the answer to this already, but > it is worth considering whether the bit needs to be set > by default. > > Perhaps a debconf question like man-db, or cdrecord, could > allow the user to disable/enable this.
Ugh, please don't. Seriously, as a regular user of those packages, I have no idea whether it's *really* a good idea for those to be setuid or not -- I vaguely know the risk/benefit from general knowledge, but assessing the risk intelligently? No way. I'd bet that 99% of installations have whatever the maintainer recommended setting (either recommended by default or perhaps the wording of the question). My personal preference would be for the maintainer to just take a stand, set it or not, and let people who actually know what's going on to use dpkg-statoverride to fix the problem to their satisfaction. (This actually also applies to man-db and cdrecord, as it happens, but there's a lot of inertia to overcome there). > I'd want to be extremely sure that the package had no > buggy code before installing it setuid/setgid. If you'd > like somebody to check over the code for you, or as a > second pair of eyes, then please consider asking the auditing > people: > > http://shellcode.org/mailman/listinfo/debian-audit This is good advice. - Matt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]