[csw-maintainers] Backing up the sudo binary

Peter Bonivart bonivart at opencsw.org
Mon Feb 27 00:04:47 CET 2012


2012/2/26 Maciej Bliziński <maciej at opencsw.org>:
> The current sudo package allows to deinstall it and lose the binary. If
> a pkgutil upgrade fails after deinstallation, and before the
> installation of sudo, you end up with a system with no sude. Here's an
> idea:
>
> - sudo preremove backs up the sudo binary somewhere on the filesystem
> - sudo postinstall checks if the new binary is actually installed, and
>  if so, removes the backup (the old binary might have a security risk)
>
> This idea would help in my scenario, but has a drawback: when the
> administrator wants to get rid of the sudo binary from the filesystem.
> You run pkgrm, and the sudo binary remains somewhere in the system.
>
> Is it enough to display a postrm message: "The sudo binary has been
> backed up at $location, remove it manually if you really want to get rid
> of it."
>
> Thoughts?

I like the idea and you need a message anyway to make others aware of
that safety net being available.

/peter


More information about the maintainers mailing list