T. Joseph Carter wrote:
> On Mon, Jul 31, 2006 at 09:48:46PM -0700, Allen Brown wrote:
>> It is tempting to also use nosuid, but there is a warning on the mount page.
>>
>>     nosuid Do not allow set-user-identifier or set-group-identifier
>>            bits to take effect. (This seems safe, but is in fact
>>            rather unsafe if you have suidperl(1) installed.)
>>
>> What the heck is that? I don't seem to have it installed, but this makes me nervous because I wouldn't necessarily notice if it came in along with a bunch of other stuff in an apt-get.
>
> suidperl is a thing that lets you run perl scripts setuid. Normally you can't do that any more than you can run a shell script that way. suidperl is a workaround to make that possible. It's an evil thing, you don't want it, ever. In fact, I suggest if you're concerned, edit your dpkg status file and create a fake entry claiming to be suidperl with a version like 7:0.0.0 and no files associated with it or anything.

This doesn't feel right. Are you sure this is secure and won't break something else? Looking at the dpkg(8) man page I see mention of "hold":

    A package marked to be on hold is not handled by dpkg, unless
    forced to do that with option --force-hold.

That sounds closer to what we should be using. Basically it appears to be a hook in dpkg to lock up a package. Have I interpreted its description correctly?

-- 
Allen Brown
http://www.peak.org/~abrown/
Which is it: is man one of God's blunders, or is God one of man's blunders?
---Friedrich Wilhelm Nietzsche
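
The concern raised in this thread, that a setuid-perl package could arrive unnoticed alongside other upgrades, can be audited by reading dpkg's status database directly. The following is an added example, not code from the thread: the function names, the package name `perl-suid`, and the sample stanzas are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report what dpkg's status database records for one package.
# Usage: pkg_state PACKAGE [STATUS_FILE]
# Prints the Status: field ("<want> <flag> <status>"), or "absent" when
# the database has no stanza for the package.
pkg_state() {
    awk -v pkg="$1" '
        BEGIN { RS = ""; FS = "\n"; found = 0 }  # paragraph mode: one stanza per record
        {
            name = ""; state = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package: /)     name  = substr($i, 10)
                else if ($i ~ /^Status: /) state = substr($i, 9)
            }
            if (name == pkg) { print state; found = 1; exit }
        }
        END { if (!found) print "absent" }
    ' "${2:-/var/lib/dpkg/status}"
}

# Succeeds only when the package has no program files on disk:
# no stanza at all, never installed, or removed with config files left.
pkg_not_installed() {
    case "$(pkg_state "$1" "$2")" in
        absent|*" not-installed"|*" config-files") return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of a status file (versions and text are made up).
sample_status() {
    cat <<'EOF'
Package: perl
Status: install ok installed
Version: 5.8.8-4
Description: constructed sample stanza
 Continuation lines start with a space and are skipped.

Package: perl-suid
Status: hold ok not-installed

EOF
}
```

Run `pkg_state perl-suid` with no second argument to read the live database; the first word of the output is the selection state that `dpkg --get-selections` also reports.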
