I think it is a good idea to ask all suid programs to be entered into suid.conf (I cannot have enough security :-)). But only the ones that are really installed suid. If I make a program suid that's not in suid.conf I can add this one by hand to the config file. But all the files installed suid by default should be in /etc/suid.conf. checksecurity (or another script) could then check for consistency.

Michael
--
Dr. Michael Meskes, Projekt-Manager | topsystem Systemhaus GmbH
[EMAIL PROTECTED]                   | Europark A2, Adenauerstr. 20
[EMAIL PROTECTED]                   | 52146 Wuerselen
Go SF49ers! Go Rhein Fire!          | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!               | Fax: (+49) 2405/4670-10

>-----Original Message-----
>From: Andreas Jellinghaus [SMTP:[EMAIL PROTECTED]
>Sent: Monday, June 23, 1997 11:26 PM
>To: Michael Meskes
>Cc: debian-devel@lists.debian.org
>Subject: Re: Use of suidmanager
>
>On Jun 23, Michael Meskes wrote
>> Could anyone please tell me the advantages of suidmanager as it is right
>> now?
>
>it's useless, because not all packages use it.
>
>> I can see the usefulness of a tool like that, but I wonder if there
>> should be a daily test run to make sure no other files are suid. Or is
>> this done elsewhere?
>
>if all packages were using it, we could check the checksecurity list
>against the suid.conf, and every admin could be sure, that only programs
>listed in suid.conf are suid.
>
>> Also why are there files in /etc/suid.conf that are not suid at all:
>>
>> debmake /usr/bin/build root root 755
>> debmake /usr/bin/debpkg root root 755
>
>because these are potential suid programs. some people have them suid (ok,
>i prefer to use sudo to start these programs), so they are listed. i
>don't know, if this makes sense or not. do i have to add such lines to
>suid.conf for programs, that might be suid, but are not shipped as suid
>in my default isdn configuration ?
>
>> I'd like to know more about this (and other) security related packages.
>
>the other package i know is checksecurity, a script ...
>
>regards, andreas
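
The consistency check discussed in this thread (set-id files found on disk compared with the entries in /etc/suid.conf), as an added example that is not part of the original messages and not code from suidmanager or checksecurity. It assumes the five-field layout of the lines quoted above (package, path, owner, group, octal mode); the function names, the `examplepkg` entry and the `/usr` scan root are made up for illustration.

```python
import os
import stat

SETID = stat.S_ISUID | stat.S_ISGID

# Constructed sample: the first line is quoted in the thread, the second is made up.
SAMPLE_CONF = """\
debmake /usr/bin/build root root 755
examplepkg /usr/bin/example-helper root root 4755
"""

def parse_suid_conf(text):
    """Return {path: mode} for each five-field entry."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        # Assumption: anything that is not five fields, or starts with '#', is skipped.
        if len(fields) != 5 or fields[0].startswith("#"):
            continue
        entries[fields[1]] = int(fields[4], 8)
    return entries

def scan_setid(root):
    """Return {path: mode} for regular files under root with a setuid/setgid bit."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished or is unreadable
            if stat.S_ISREG(st.st_mode) and st.st_mode & SETID:
                found[path] = stat.S_IMODE(st.st_mode)
    return found

def compare(conf, found):
    """Return (unlisted, mismatched, not_setid) as sorted lists of paths."""
    unlisted = sorted(p for p in found if p not in conf)
    mismatched = sorted(p for p in found if p in conf and conf[p] != found[p])
    # Entries such as the 755 debmake lines: listed, but with no set-id bit.
    not_setid = sorted(p for p, mode in conf.items() if not mode & SETID)
    return unlisted, mismatched, not_setid

if __name__ == "__main__":
    with open("/etc/suid.conf") as fh:
        results = compare(parse_suid_conf(fh.read()), scan_setid("/usr"))
    for label, paths in zip(("unlisted", "mode mismatch", "not set-id"), results):
        print(label, *paths, sep="\n  ")
```

The first list is the case the thread is concerned with: a file that is suid on disk but missing from suid.conf.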