On Fri, Jul 18, 2014 at 01:15:42AM +0200, Ludovic Court??s wrote:
John Darrington <j...@darrington.wattle.id.au> skribis:
> On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Court??s wrote:
>
> The package itself cannot install things setuid (nothing can be
setuid
> in the store), but there can be setuid programs in the system (see
> gnu/system.scm.)
>
> I'm not sure that I understand that. Maybe you can enlighten me
sometime.o
>
> Should I add /bin/aegis here: ?
>
> (define %setuid-programs
The package manager itself doesn???t help at all with setuid binaries. It
just doesn???t handle them.
However, the OS does support it, via the ???setuid-programs??? field of
???operating-system??? declaration. So, if the system administrator of a
machine decides that it???s a good idea to have ???aegis??? setuid-root,
then
they add it to the ???setuid-programs??? field.
The ???%setuid-programs??? variable you mention is just for *default*
setuid
programs. We don???t want to add to many of them here, because that
amounts to making installation of those packages compulsory.
I see (I think). Could we at least arrange for a message to be emitted on
package --install suggesting that the package be added to setuid-programs?
Aegis is useless without setuid-root.
J'
--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.
signature.asc
Description: Digital signature
