FS#18852 - [namcap] Detect setuid/setgid files

Attached to Project: Arch Linux
Opened by Linas (Linas) - Saturday, 27 March 2010, 00:35 GMT
Last edited by Rémy Oudompheng (remyoudompheng) - Friday, 25 February 2011, 21:30 GMT
Task Type Feature Request
Category Packages: Extra
Status Closed
Assigned To Dan McGee (toofishes)
Rémy Oudompheng (remyoudompheng)
Hugo Doria (hdoria)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

namcap should have a rule to give an error when a package contains a
setuid/setgid file.
So for instance namcap /var/cache/pacman/pkg/util-linux-ng-*.pkg.tar.*
should complain that bin/{,u}mount are setuid and bin/write setgid.

Closed by  Rémy Oudompheng (remyoudompheng)
Friday, 25 February 2011, 21:30 GMT
Reason for closing:  Implemented
Additional comments about closing:  Implemented for version 3.0
Comment by Pierre Schmitz (Pierre) - Saturday, 27 March 2010, 01:12 GMT
And why should this be an error?
Comment by Linas (Linas) - Friday, 16 July 2010, 22:39 GMT
Because that's usually not the right thing to have (with very few exceptions, probably only util-linux-ng).

When I build a package and get asked "do you want to verify it with namcap?", it should warn about it, just as it warns "these folder permissions don't look ok", even though it is obviously not its work to verify the package security or anything like that.
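The check requested in this task, sketched as an added example that is not part of the original thread and is not namcap's own rule code: it walks a package tarball's member headers and reports regular files carrying the setuid or setgid bit. The function names, the in-memory sample archive and the `bin/dmesg` and `var/games` entries are constructed for illustration.

```python
import io
import stat
import tarfile


def find_setid_members(fileobj):
    """Return sorted (path, kind) pairs for setuid/setgid regular files."""
    findings = []
    # "r:*" lets tarfile auto-detect gzip/bzip2/xz compression.
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            # Regular files only: on a directory the setgid bit just makes
            # new entries inherit the group, it does not change privileges.
            if not member.isreg():
                continue
            if member.mode & stat.S_ISUID:
                findings.append((member.name, "setuid"))
            if member.mode & stat.S_ISGID:
                findings.append((member.name, "setgid"))
    return sorted(findings)


def build_sample_package():
    """Constructed archive using the util-linux-ng paths from the request."""
    entries = [
        ("bin/mount", 0o4755, tarfile.REGTYPE),   # setuid
        ("bin/umount", 0o4755, tarfile.REGTYPE),  # setuid
        ("bin/write", 0o2755, tarfile.REGTYPE),   # setgid
        ("bin/dmesg", 0o755, tarfile.REGTYPE),    # plain executable
        ("var/games", 0o2775, tarfile.DIRTYPE),   # setgid directory, ignored
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, mode, kind in entries:
            info = tarfile.TarInfo(name)
            info.mode = mode
            info.type = kind
            data = b"" if kind == tarfile.DIRTYPE else b"\x7fELF"
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data) if data else None)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for path, kind in find_setid_members(build_sample_package()):
        print(f"{path} is {kind}")
```

Reading the mode from the tar header means nothing has to be extracted, so the check also works for an unprivileged user who could not recreate root-owned setuid files on disk.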
