Gentoo Archives: gentoo-user

From: Miroslav Rovis <miro.rovis@××××××××××××××.hr>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: setuid/setgid binaries, man-db security fix
Date: Wed, 14 Dec 2016 04:25:58
Message-Id: 20161214042602.GA16918@g0n.xdwgrp
In Reply to: [gentoo-user] Re: setuid/setgid binaries, man-db security fix by Ian Zimmerman
On 161213-15:29-0800, Ian Zimmerman wrote:
> On 2016-12-13 08:20, Jeremi Piotrowski wrote:
>
> > > More generally, I'm wondering about set*id binaries in gentoo. If I
> > > don't want/need the particular feature thus provided, can I simply
> > > turn off the set*id bit?
> >
> > Most of the time packages will not work correctly (as defined by
> > upstream) and will require you to run them as root explicitly
> > (e.g. through sudo).
>
> Returning to the special case of man-db package, both man and mandb seem
> to run fine as normal non-suid binaries (after I also changed the perms
> on /var/cache/man to the normal root:root, 644/755).
>
> I reported the bug:
>
> https://bugs.gentoo.org/show_bug.cgi?id=602588
>

This whole issue (since the start of this thread)... Thanks for
reporting it! It's been, and continues to be (lots of ongoing suspense,
and, in segments only, even non-disclosure; both for longer yet) the
most interesting information that I've had recently.

(Also I'll update A.S.A.P.)

--
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

Attachments

File name MIME type
signature.asc application/pgp-signature