[Eug-lug] Linux- Mac OS X file exchange: This sounds right

Allen Brown abrown at peak.org
Tue Aug 1 11:18:53 PDT 2006


T. Joseph Carter wrote:
> On Mon, Jul 31, 2006 at 09:48:46PM -0700, Allen Brown wrote:
> 
>>It is tempting to also use nosuid, but there is a warning on
>>the mount page.
>>  nosuid Do  not allow set-user-identifier or set-group-identifier
>>         bits to take effect. (This seems safe,  but  is  in  fact
>>         rather unsafe if you have suidperl(1) installed.)
>>
>>What the heck is that?  I don't seem to have it installed,
>>but this makes me nervous because I wouldn't necessarily
>>notice if it came in along with a bunch of other stuff
>>in an apt-get.
> 
> 
> suidperl is a thing that lets you run perl scripts setuid.  Normally you
> can't do that any more than you can run a shell script that way.  suidperl
> is a workaround to make that possible.  It's an evil thing, you don't want
> it, ever.  In fact, I suggest if you're concerned, edit your dpkg status
> file and create a fake entry claiming to be suidperl with a version like
> 7:0.0.0 and no files associated with it or anything.

This doesn't feel right.  Are you sure this is secure and won't
break something else?

Looking at the dpkg(8) man page I see mention of "hold":
   A package marked to be on hold is not handled by dpkg, unless
   forced to do that with option --force-hold.

That sounds closer to what we should be using.  Basically it
appears to be a hook in dpkg to lock up a package.  Have I
interpreted its description correctly?
-- 
Allen Brown  abrown at peak.org  http://www.peak.org/~abrown/
   Which is it: is man one of God's blunders, or is God
   one of man's blunders? ---Friedrich Wilhelm Nietzsche
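
For the worry above about a package arriving unnoticed in a large apt-get run, this added example (not part of the original message) reads a dpkg status database and reports a package's selection state, which is the first word of the Status: field and where "hold" is recorded, together with its install state. The package name perl-suid and the sample database are assumptions constructed for illustration; with no second argument, pkg_state reads /var/lib/dpkg/status.

```shell
#!/bin/sh
# Added example, not from the original thread. Sample data is constructed.
# pkg_state <package> [status-file] prints "<want> <state>" or "absent".
pkg_state() {
    db=${2:-/var/lib/dpkg/status}
    awk -v pkg="$1" '
        BEGIN { RS = ""; FS = "\n" }   # one stanza per record, one field per line
        {
            name = ""; status = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /) name = substr($i, 10)
                else if ($i ~ /^Status: /) status = substr($i, 9)
            }
            if (name == pkg) {
                split(status, f, " ")    # f[1]=want, f[2]=error flag, f[3]=state
                print f[1], f[3]; found = 1; exit
            }
        }
        END { if (!found) print "absent" }
    ' "$db"
}

# True when the recorded state implies the package files may be on disk.
pkg_on_disk() {
    case $(pkg_state "$1" "$2") in
        absent|*" not-installed"|*" config-files") return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample database; "perl-suid" is an assumed package name.
write_sample_status() {
    cat > "$1" <<'EOF'
Package: perl-base
Status: install ok installed
Version: 0.0-constructed

Package: perl-suid
Status: hold ok not-installed
EOF
}

sample=$(mktemp)
write_sample_status "$sample"
for p in perl-base perl-suid no-such-package; do
    printf '%s: %s\n' "$p" "$(pkg_state "$p" "$sample")"
done
rm -f "$sample"
```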

