[Pkg-nagios-devel] Bug#293242: nagios-common: postinst needs to use dpkg-statoverride so that CGI suidness isn't lost

[steveg]

Package: nagios-common
Version: 2:1.3-cvs.20050116-1
Severity: important

The postinst will set the nagios CGIs suid nagios if the user has
requested it via the debconf variable. However, this will be lost the
next time the user upgrades nagios-{text,mysql,pgsql} because the
setting is done in the -common post install. (My guess is that your
assumption was that they would be installed/upgraded together. That
doesn't cover the case of switching between the various DB choices,
though.)

The proper way to do this is with dpkg-statoverride (use the --update
option to make it immediate). This way, dpkg will take care of
preserving the suidness on upgrades/switches.

(I'm not actually sure that making all the CGIs SUID is actually the
proper approach at all. Shouldn't the cmd file be moved somewhere where
it is safe to make it writable by group www-data?)

Steve


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.18-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)

Versions of packages nagios-common depends on:
ii  adduser          3.59                    Add and remove users and groups
ii  apache [httpd]   1.3.33-3                versatile, high-performance HTTP s
ii  coreutils [fileu 5.2.1-2                 The GNU core utilities
ii  debconf [debconf 1.4.30.11               Debian configuration management sy
ii  fileutils        5.2.1-2                 The GNU file management utilities 
ii  mailx            1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii  nagios-mysql [na 2:1.3-cvs.20050116-1    A host/service/network monitoring 
ii  nagios-plugins   1.3.1.0-12              Plugins for the nagios network mon

-- debconf information:
* nagios/wwwsuid: true
  nagios/upgradefromnetsaint:
* nagios/configapache: Both