Sunday, 14 November 2010

Skinny Update Manager

I’ve started a new project that’s related to SD but has sufficient application potential beyond SD that I decided to host its development apart from SD.

One of the challenges for SD has been getting a decent update/upgrade deal going. Skinny Update Manager tries to fix that.

Sunday, 24 October 2010

/etc/sudoers.d

The default /etc/sudoers file in Squeeze has a new directive:

#includedir /etc/sudoers.d 

that lets you make changes to sudo without editing the stock /etc/sudoers file.

There are a few gotchas about using it:

  1. Files in /etc/sudoers.d that end in ~ (that’s a tilde in case it tenders as a dash) or contain a . (period) character will be ignored.
  2. Files in /etc/sudoers.d must have 0440 permissions. So after you create your file, do a
    chmod 0440 {filename}
    on it.
  3. The directive itself in /etc/sudoers should be the last line. Otherwise it seems to get overridden by whatever follows.

At this point I don’t know in what order the files are read, but I suspect it’s in alphabetical order. So, for the moment I am using numbers (e.g., 99shutdown) to enforce the desired order.

Complete info at http://www.sudo.ws/sudo/sudoers.man.html.

Monday, 9 August 2010

Sqeeze freeze

Squeeze has been frozen.

Friday, 2 July 2010

Improved sdsudo security

I am testing a modification to the SD sdsudo utility that addresses a potential security issue I mention here. As I mentioned there, I don’t think the way sdsudo works at present is a security issue when used as intended—as a one-logged-in-user-at-a-time desktop/laptop environment. But more security with no downsides is never a bad thing.

The mod is based on Daniel Stone’s “xhost plus considered harmful” post. If you want to try this yourself, open /usr/bin/sdsudo as root in your favorite text editor. Find the line

xhost +local:root 1>&2

and change it to

xhost +SI:localuser:root 1>&2

A couple tests indicate this works. I’ll need to do some more testing to see if there are any gotchas.

I am hoping that SkinnySqeezey won’t need sdsudo.

Sunday, 27 June 2010

Install script license change

I have changed the license of the SkinnyDebbie installation scripts to GPLv3. The rest of SkinnyDebbie is unchanged: it’s still GPLv2.

Having said that, when I get around to finishing the next version of SD (for Squeeze) it will probably get a GPLv3 license as well.

Why the change? Because, the CC license that used to cover (and if you insist, still does) the install scripts isn’t well suited to software licensing. I originally wanted to use a CC license for these scripts because I got a bit irritated that earlier versions of these scripts were being used without attribution in the source or elsewhere as the basis for installation schemes in unrelated projects. The GPL also protects against attribution infringement, but I thought the CC was a bit more rigorous in this respect. However, I now think that it’s better to use the licenses in the way they were intended.