just ran tiger on a fresh debian (2.2) install, and received the following warnings:
# Performing check of PATH components... # Only checking user 'root' --WARN-- [path002w] /usr/bin/dotlockfile in root's PATH from default is not owned by root (owned by dovienya). --WARN-- [xxxxx] The following files have undefined groups ownership: /usr/doc/liblockfile1/changelog.gz /usr/doc/liblockfile1/copyright /usr/lib/liblockfile.so.1 /usr/lib/liblockfile.so.1.0 /usr/man/man1/dotlockfile.1 /var/lib/dpkg/info/liblockfile1.postinst /var/lib/dpkg/info/liblockfile1.shlibs and sure enough... -rwxr-sr-x 1 dovienya mail /usr/bin/dotlockfile -rw-r--r-- 1 root 500 /usr/doc/liblockfile1/changelog.gz -rw-r--r-- 1 root 500 /usr/doc/liblockfile1/copyright lrwxrwxrwx 1 root root /usr/lib/liblockfile.so.1 -> liblockfile.so.1.0 -rw-r--r-- 1 root 500 /usr/lib/liblockfile.so.1.0 -rw-r--r-- 1 root 500 /usr/man/man1/dotlockfile.1 -rwxr-xr-x 1 root 500 /var/lib/dpkg/info/liblockfile1.postinst -rwxr-xr-x 1 root 500 /var/lib/dpkg/info/liblockfile1.shlibs i verified that the same holds true on two other installs, and didn't find any information on this on the net at large... so i thought i'd send an email out debian-security way to get some feedback... thanks! andy