diff options
Diffstat (limited to 'ubuntu/lucid_automake/kdeutils/debian/klaptopdaemon.README.Debian')
-rw-r--r-- | ubuntu/lucid_automake/kdeutils/debian/klaptopdaemon.README.Debian | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/ubuntu/lucid_automake/kdeutils/debian/klaptopdaemon.README.Debian b/ubuntu/lucid_automake/kdeutils/debian/klaptopdaemon.README.Debian new file mode 100644 index 000000000..d6cf29558 --- /dev/null +++ b/ubuntu/lucid_automake/kdeutils/debian/klaptopdaemon.README.Debian @@ -0,0 +1,28 @@ +klaptopdaemon and SUID permissions +---------------------------------- + +To allow ordinary users to control certain power management features, +klaptopdaemon's panel in the KDE Control Center has a button which prompts +the user to enter the root password (KDE Control Center --> Power Control +--> Laptop Battery, then the ACPI Config tab, then the Setup Helper +Application button). This button changes the permissions of +/usr/bin/klaptop_acpi_helper from "0755 root.root" to "6755 root.root", +and therefore grants all regular users extra power management abilities. +This has obvious security implications, and should not be done on any +system where all users are not trusted absolutely. + +The standard klaptopdaemon changes the binary's permissions using chmod. +However, if an updated version of the Debian klaptopdaemon package +were then to be installed, it would reset the permissions, forcing the +sysadmin to reconfigure after each upgrade. + +The Debian package has therefore been patched to use dpkg-statoverride to +permanently change the permissions of /usr/bin/klaptop_acpi_helper. The +override is removed and permissions reset if the package is removed or +purged. However, if the sysadmin wishes to remove the special permissions +of /usr/bin/klaptop_acpi_helper, they can do so at any time by issuing, +as root, the following commands: + +dpkg-statoverride --remove /usr/bin/klaptop_acpi_helper +chown root:root /usr/bin/klaptop_acpi_helper +chmod 0755 /usr/bin/klaptop_acpi_helper |