The Sunday 2004-12-12 at 12:29 +0100, nordi wrote:
Carlos E. R. wrote:
Er... I agree that installing all those things is a nuissance, specially about tabooed packages; but you don't explain why all that it is a security risk.
You could argue that /usr/sbin/isdnctrl is SUID root, so this is a potential security hole (see [1]). My favorite quote from [1]: "The i4l package is installed by default and also vulnerable if you do not have a ISDN setup." I think this is what the OP meant.
Ah, that is a better explanation than the OP's, and with a better humour:-)
When I kicked the ISDN packages off my system I also wondered why wine needs i4l and why i4l was even installed on a system without ISDN hardware. IMHO you shouldn't install services/SUID binaries that are _obviously_ unnecessary.
Well, then a hack would be to make sure, in "/etc/permissions.local" that those files are not root suid if they do exist in the system. The settings are probably those of /etc/permissions.paranoid or /etc/permissions.secure. It would make sense, as it is true that YOU can install a tabooed package without the user noticing. I don't understand why a "taboo" does not keep "tabooed". I think I noticed isdn being installed the first time, and I removed it, time ago. But it has being installed on my back, and I don't know why. I don't see why wine should require it. -- Cheers, Carlos Robinson