Ian Jackson writes:
> Well, how hard is it to compile out ? It's not the most awful thing
> that could happen to a program to have this unnecessary check, but I
> do think it will add confusion.
It's not that difficult. I'll take care of it when I release a new version.
Michael
--
Michael Mesk
Michael Meskes writes ("Re: Bug#4051: access permissions for /usr/bin/fdmount"):
> Ian Jackson writes:
...
> > Err, I strongly suggest that you compile the group check out of the
> > executable. This is only likely to lead to confusion.
>
> I think I understand
Ian Jackson writes:
> It should be 4754 - there's no point in stopping people reading it.
> (I've been saying 4754 all along, and this is what is in the policy
> manual.)
Oops, I thought that was a typo :-)
> Err, I strongly suggest that you compile the group check out of the
> executable. This
Michael Meskes writes ("Re: Bug#4051: access permissions for /usr/bin/fdmount"):
...
> I have no problem with it being mode 4750 again.
It should be 4754 - there's no point in stopping people reading it.
(I've been saying 4754 all along, and this is what is in the po
Ian Jackson writes:
> Obviously if you've done it right having the binary check itself
> whether rgid or getgroups includes `floppy' and having it only
> executable by group floppy have the same security effect.
Yes, it checks getgroups.
> However, there are other differences: having the permissi
Michael Meskes writes ("Re: Bug#4051: access permissions for /usr/bin/fdmount"):
> Ian Jackson writes:
...
> > Compiling names of groups or even worse group ids into binaries is a
> > bad idea.
>
> Why? Because it's not easy to change?
It's ha
Ian Jackson writes:
>
> Damn, it looks like my comment
> Before anyone changes anything, please read the appropriate part of
> the new policy manual.
> went unheeded. I see that the change that Daniel Quinlan requested
Oops.
> has been made. It's a shame that I didn't get around to writing t
nse to the situation sooner.
Daniel Quinlan writes ("Re: Bug#4051: access permissions for /usr/bin/fdmount"):
...
> Michael Meskes <[EMAIL PROTECTED]> writes:
> > I agree that the installation is not correct, but I doubt mode 4755
> > is a solution. I for one don't lik
Daniel Quinlan writes:
> Use geteuid(2) and/or use a configuration file that says who has
> access. Using permissions alone to dictate who has access to
> *running* the binary is bad, IMHO, and I think the Debian package
> guidelines agree (unless they've been changed). Even worse, it's a
> `4750
Before anyone changes anything, please read the appropriate part of
the new policy manual.
Ian.
Daniel Quinlan writes:
>> Package: fdutils
>> Version: 4.3-3
>>
>> /usr/bin/fdmount should be mode 4755, not 4750.
Michael Meskes <[EMAIL PROTECTED]> writes:
> I agree that the installation is not correct, but I doubt mode 4755
> is a solution. I for one don't like the idea that everyone is abl
Daniel Quinlan writes:
>
> Package: fdutils
> Version: 4.3-3
>
> /usr/bin/fdmount should be mode 4755, not 4750.
I agree that the installation is not correct, but I doubt mode 4755 is a
solution. I for one don't like the idea that everyone is able to access my
floppy drive. Since the Debian stan
Package: fdutils
Version: 4.3-3
/usr/bin/fdmount should be mode 4755, not 4750.
13 matches
Mail list logo
