>>>>> "Topi" == Topi Miettinen <[EMAIL PROTECTED]> writes:
Topi> Matthew Wilcox writes:
>> From a security point of view, it might be considered
>> worthwhile to install system executables (particularly the suid
>> ones) and then mark them immutable.

Topi> Sounds like a simple extension to suidmanager
Topi> package. According to WNPP, it needs a new maintainer (hint
Topi> hint).

I've already taken over maintainership from Christoph Lameter <[EMAIL PROTECTED]>.

I suppose that the immutable bit could be set by adding a new optional argument and optional field in "/etc/suid.conf". But what happens when you go to upgrade the package? If the prerm scripts ran `suidunregister', it might work. But that's being done in the postrm scripts, after the old file is supposed to be removed. (Is that right?) The file cannot be deleted with the immutable bit set.

Topi> Maybe using suidmanager should be enforced by the Policy?

Yes, perhaps. Has this been discussed before?
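The upgrade problem raised in the message above, as an added shell example that is not part of the original post and is not suidmanager code: the immutable flag is cleared in the old package's prerm, which dpkg runs before it replaces any files, and set again in the new package's postinst. `STATE_FILE` and the function names are hypothetical, and paths are assumed to be absolute.

```shell
#!/bin/sh
# Added example: keep chattr +i on setuid binaries across a package upgrade.
# STATE_FILE and the function names are hypothetical, not part of suidmanager.
STATE_FILE="${STATE_FILE:-/var/lib/immutable-demo/relock.list}"

# True if the immutable flag ('i' in the first lsattr field) is set.
is_immutable() {
    flags=$(lsattr -d "$1" 2>/dev/null) || return 1
    flags=${flags%% *}          # drop the path so only the flag field is tested
    case "$flags" in
        *i*) return 0 ;;
    esac
    return 1
}

# prerm step: clear the flag so the old file can be replaced or removed,
# and remember which files to protect again afterwards.
unlock_for_upgrade() {
    mkdir -p "$(dirname "$STATE_FILE")"
    for f in "$@"; do
        if is_immutable "$f"; then
            chattr -i "$f" || return 1
            printf '%s\n' "$f" >> "$STATE_FILE"
        fi
    done
}

# postinst step: set the flag again on every recorded file that still exists.
# Files dropped by the new package version are skipped.
relock_after_upgrade() {
    [ -f "$STATE_FILE" ] || return 0
    while IFS= read -r f; do
        if [ -e "$f" ]; then chattr +i "$f" || return 1; fi
    done < "$STATE_FILE"
    rm -f "$STATE_FILE"
}
```

Between the two steps the binaries are unprotected, so the window lasts for the duration of the unpack; both steps need root and a filesystem that supports the flag.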