rev 3302 - in trunk/packages/kdeutils/debian: . patches
Christopher Martin
chrsmrtn at costa.debian.org
Sun Mar 12 16:06:28 UTC 2006
Author: chrsmrtn
Date: 2006-03-12 16:06:27 +0000 (Sun, 12 Mar 2006)
New Revision: 3302
Added:
trunk/packages/kdeutils/debian/klaptopdaemon.README.Debian
trunk/packages/kdeutils/debian/klaptopdaemon.prerm
trunk/packages/kdeutils/debian/patches/13_klaptopdaemon_dpkg_statoverride.diff
Modified:
trunk/packages/kdeutils/debian/changelog
Log:
New patch: use dpkg-statoverride for klaptop_acpi_helper.
Then we need to clean up after remove/purge.
Document all this for admins.
Modified: trunk/packages/kdeutils/debian/changelog
===================================================================
--- trunk/packages/kdeutils/debian/changelog 2006-03-11 18:08:01 UTC (rev 3301)
+++ trunk/packages/kdeutils/debian/changelog 2006-03-12 16:06:27 UTC (rev 3302)
@@ -1,3 +1,14 @@
+kdeutils (4:3.5.1-3) UNRELEASED; urgency=low
+
+ +++ Changes by Christopher Martin:
+
+ * When klaptopdaemon changes klaptop_acpi_helper's permissions, use
+ dpkg-statoverride. Thanks to Romain Lenglet for the patch. See
+ klatopdaemon's README.Debian for details.
+ (Closes: #355527, #355529)
+
+ -- Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org> Sat, 11 Mar 2006 20:22:34 -0500
+
kdeutils (4:3.5.1-2) unstable; urgency=low
+++ Changes by Christopher Martin:
Added: trunk/packages/kdeutils/debian/klaptopdaemon.README.Debian
===================================================================
--- trunk/packages/kdeutils/debian/klaptopdaemon.README.Debian 2006-03-11 18:08:01 UTC (rev 3301)
+++ trunk/packages/kdeutils/debian/klaptopdaemon.README.Debian 2006-03-12 16:06:27 UTC (rev 3302)
@@ -0,0 +1,28 @@
+klaptopdaemon and SUID permissions
+----------------------------------
+
+To allow ordinary users to control certain power management features,
+klaptopdaemon's panel in the KDE Control Center has a button which prompts
+the user to enter the root password (KDE Control Center --> Power Control
+--> Laptop Battery, then the ACPI Config tab, then the Setup Helper
+Application button). This button changes the permissions of
+/usr/bin/klaptop_acpi_helper from "0755 root.root" to "6755 root.root",
+and therefore grants all regular users extra power management abilities.
+This has obvious security implications, and should not be done on any
+system where all users are not trusted absolutely.
+
+The standard klaptopdaemon changes the binary's permissions using chmod.
+However, if an updated version of the Debian klaptopdaemon package
+were then to be installed, it would reset the permissions, forcing the
+sysadmin to reconfigure after each upgrade.
+
+The Debian package has therefore been patched to use dpkg-statoverride to
+permanently change the permissions of /usr/bin/klaptop_acpi_helper. The
+override is removed and permissions reset if the package is removed or
+purged. However, if the sysadmin wishes to remove the special permissions
+of /usr/bin/klaptop_acpi_helper, they can do so at any time by issuing,
+as root, the following commands:
+
+dpkg-statoverride --remove /usr/bin/klaptop_acpi_helper
+chown root:root /usr/bin/klaptop_acpi_helper
+chmod 0755 /usr/bin/klaptop_acpi_helper
Added: trunk/packages/kdeutils/debian/klaptopdaemon.prerm
===================================================================
--- trunk/packages/kdeutils/debian/klaptopdaemon.prerm 2006-03-11 18:08:01 UTC (rev 3301)
+++ trunk/packages/kdeutils/debian/klaptopdaemon.prerm 2006-03-12 16:06:27 UTC (rev 3302)
@@ -0,0 +1,30 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+
+ remove)
+ /usr/sbin/dpkg-statoverride --quiet --remove /usr/bin/klaptop_acpi_helper > /dev/null 2>&1 || true
+ if [ -e /usr/bin/klaptop_acpi_helper ]; then
+ chown root:root /usr/bin/klaptop_acpi_helper
+ chmod 0755 /usr/bin/klaptop_acpi_helper
+ fi
+ ;;
+
+ upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+
+esac
+
+#DEBHELPER#
+
+exit 0
Added: trunk/packages/kdeutils/debian/patches/13_klaptopdaemon_dpkg_statoverride.diff
===================================================================
--- trunk/packages/kdeutils/debian/patches/13_klaptopdaemon_dpkg_statoverride.diff 2006-03-11 18:08:01 UTC (rev 3301)
+++ trunk/packages/kdeutils/debian/patches/13_klaptopdaemon_dpkg_statoverride.diff 2006-03-12 16:06:27 UTC (rev 3302)
@@ -0,0 +1,31 @@
+--- kde.orig/klaptopdaemon/acpi.cpp
++++ kde.patched/klaptopdaemon/acpi.cpp
+@@ -186,7 +186,7 @@
+ proc << kdesu;
+ proc << "-u";
+ proc << "root";
+- proc << "chown root "+helper+"; chmod +s "+helper;
++ proc << "dpkg-statoverride --update --add root root 6755 "+helper;
+ proc.start(KProcess::Block); // run it sync so has_acpi below sees the results
+ }
+ } else {
+--- kde.orig/klaptopdaemon/apm.cpp
++++ kde.patched/klaptopdaemon/apm.cpp
+@@ -166,7 +166,7 @@
+ proc << kdesu;
+ proc << "-u";
+ proc << "root";
+- proc << QString("chown root ")+apm_name+"; chmod +s "+apm_name;
++ proc << QString("dpkg-statoverride --update --add root root 6755 ")+apm_name;
+ proc.start(KProcess::Block); // run it sync so has_apm below sees the results
+ }
+ } else {
+@@ -208,7 +208,7 @@
+ proc << kdesu;
+ proc << "-u";
+ proc << "root";
+- proc << "chown root "+helper+"; chmod +s "+helper;
++ proc << "dpkg-statoverride --update --add root root 6755 "+helper;
+ proc.start(KProcess::Block); // run it sync so has_acpi below sees the results
+ }
+ } else {
More information about the pkg-kde-commits
mailing list