Hi Bhaskar,

On Sat, Feb 08, 2014 at 09:25:51PM -0500, Bhaskar, K.S wrote:
>
> [KSB] gtmsecshr is a program that is installed setuid root because
> there are functions it performs on behalf of normal processes
> (unlike many database engines, GT.M does not use a database daemon).
> Details of these functions are in Appendix E (Security Philosophy)
> of the GT.M Administration and Operations Guide UNIX Edition (for
> all current GT.M documentation, go to http://fis-gtm.com and click
> on the User Documentation tab).
>
> Since gtmsecshr is installed as setuid root, it has a number of
> checks to validate its invocation, including that it is being
> invoked from the GT.M distribution to which it belongs. As there
> would be a vulnerability in the validation if the link were a
> symbolic link, it _must_ be a hard link. As the hard link is
> between the directories pointed to by $gtm_dist and $gtm_dist/utf8,
> and as the utf8 subdirectory is created as part of the GT.M
> installation, there is never a case where the utf8 subdirectory is
> on a different file system, and never a case where the symbolic link
> is appropriate.

Thanks for the verbose explanation.

@Luis: Could you please add a link to the mailing list archive to this
explanation as a comment in the lintian override file?

Kind regards

      Andreas.

-- 
http://fam-tille.de
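
A packaging-side check for the requirement described in the quoted explanation, as an added example that is not part of the original messages or of GT.M itself: it confirms that the entry under `utf8` is a hard link (same device and inode) and not a symbolic link or a separate copy. The function name and the assumption that the file is called `gtmsecshr` directly under both `$gtm_dist` and `$gtm_dist/utf8` are illustrative; the demo tree is constructed.

```python
import os
import stat
import tempfile


def check_gtmsecshr_link(gtm_dist, name="gtmsecshr"):
    """Return a list of problems with <gtm_dist>/utf8/<name>; empty means OK.

    Assumed layout (not taken from the GT.M sources): the same file name
    appears directly under gtm_dist and under gtm_dist/utf8.
    """
    primary = os.path.join(gtm_dist, name)
    alias = os.path.join(gtm_dist, "utf8", name)
    try:
        # lstat() does not follow symlinks, so a symlink is reported as itself.
        p = os.lstat(primary)
        a = os.lstat(alias)
    except FileNotFoundError as exc:
        return [f"missing: {exc.filename}"]

    problems = []
    for path, st in ((primary, p), (alias, a)):
        if stat.S_ISLNK(st.st_mode):
            problems.append(f"{path} is a symbolic link")
        elif not stat.S_ISREG(st.st_mode):
            problems.append(f"{path} is not a regular file")
    if problems:
        return problems

    # Two names are hard links to one file only if device and inode match.
    if (p.st_dev, p.st_ino) != (a.st_dev, a.st_ino):
        problems.append(f"{alias} is a separate copy, not a hard link to {primary}")
    return problems


if __name__ == "__main__":
    # Constructed demo tree standing in for an installed $gtm_dist.
    with tempfile.TemporaryDirectory() as dist:
        os.mkdir(os.path.join(dist, "utf8"))
        with open(os.path.join(dist, "gtmsecshr"), "w") as fh:
            fh.write("placeholder")
        alias = os.path.join(dist, "utf8", "gtmsecshr")

        os.symlink("../gtmsecshr", alias)
        print("symlink  :", check_gtmsecshr_link(dist))
        os.remove(alias)
        os.link(os.path.join(dist, "gtmsecshr"), alias)
        print("hard link:", check_gtmsecshr_link(dist))
```
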