On Fri, 14 Mar 2003, Henri wrote: > Not every sofware : i was only asking about specific mandrake tools and > "critical" ones : i think about verifying a last time, just before > releasing, that permissions on tools installed in /sbin/ and /usr/sbin > are correct, for example...
FYI, rpmlint does permission checks (suid, setgid etc), but some software is purposely shipped with setuid. For one, smbmount is, since I would rather have smbmount setuid than have a newbie run as root since he can smbmount (via komba2 or something). The astute admin will probably not even want samba-client on his server. Unfortunately, some things have to make security take a back seat. But smbmount (actually, smbmnt) is supposed to be pretty secure, aimed at being setuid. Regards, Buchan -- |----------------Registered Linux User #182071-----------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x121 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7
