Re: sendmail issues (was: Re: cron has gone to UTC time?)
On Tue, Feb 16, 1999 at 10:30:39AM +0100, Richard Braakman wrote:
> Wichert Akkerman wrote:
> > Previously Anthony Towns wrote:
> > > Another solution (with much niftier side effects) would be implementing
> > > the admintool thing (to avoid questions), and speeding up dpkg (to make
> > > the actual installation faster).
> >
> > But speeding up doesn't help, it only shortens the vulnerable timespan.
>
> Not necessarily. The timespan can be reduced to zero. dpkg can
> create the new file under a different name, set its permissions
> correctly, and then replace the old file in an atomic operation.
> I think this is how it operates right now.
>
> We'd only have to invent a way for the system administrator to
> override the permissions on specific files. This could easily be much
> more powerful than the suidregister hooks we now have in specific
> packages. We could have a tool like dpkg-setperms that overrides the
> mode and ownership of any file.
Actually all you would have to do is change suidmanager's name. I
already use it to maintain permissions on directories and other
binaries, not just suid ones.
--
Ben Collins - -------- --------- ---- ------- ----- - - --- --------
UnixGroup Admin <b.m.collins@larc.nasa.gov>
Debian Developer GNU/Linux <bcollins@debian.org>
OpenLDAP Core <bcollins@openldap.org>
------ -- ----- - - ------- ------- -- The Choice of the GNU Generation
Reply to: