Mailing List Archive

From:: Todd C. Miller <millert@openbsd.org>
Subject:: Re: Ignore setuid changes for relinked files in security(8)
To:: Andrew Hewus Fresh <andrew@afresh1.com>
Cc:: tech@openbsd.org
Date:: Tue, 04 Jun 2024 20:05:31 -0600

Download raw body.

Thread

2024-06-05 01:48 Andrew Hewus Fresh:
Ignore setuid changes for relinked files in security(8)
- 2024-06-05 02:05 Todd C. Miller:
  Ignore setuid changes for relinked files in security(8)
- - 2024-06-09 16:32 Theo de Raadt:
    Ignore setuid changes for relinked files in security(8)
- 2024-06-09 22:10 Andrew Hewus Fresh:
  Watch relink files for changes for setuid files in security(8)

On Tue, 04 Jun 2024 18:48:12 -0700, Andrew Hewus Fresh wrote:

> Someone (florian@) noticed that security(8) complains every time about
> ssh-agent changing any time you reboot.
>
> This patch stops complaining about setuid files that have an entry in
> /usr/share/relink and lets folks know that we're ignoring it when it is
> removed.

Great.

> Suggestions on wording of the message (or if it should exist) welcome.

Personally, I think it should be silent.

> Are the setuid changes actually useful to check still?  Should we remove
> that whole feature?

It is probably of limited usefulness these days but I guess we
should still keep it.

 - tod

2024-06-05 01:48 Andrew Hewus Fresh:
Ignore setuid changes for relinked files in security(8)
- 2024-06-05 02:05 Todd C. Miller:
  Ignore setuid changes for relinked files in security(8)
- - 2024-06-09 16:32 Theo de Raadt:
    Ignore setuid changes for relinked files in security(8)
- 2024-06-09 22:10 Andrew Hewus Fresh:
  Watch relink files for changes for setuid files in security(8)