author | Denis Kozadaev <denis@dilos.org> | 2020-01-30 22:13:12 +0300 |
---|---|---|
committer | Slávek Banko <slavek.banko@axis.cz> | 2020-03-08 02:00:55 +0100 |
commit | bd1b537f0534b6f299c42001ddef096b60ffdef8 (patch) | |
tree | 0c5547d42183c96bd3e4582ed567e3db0f511f98 /dilos/tdeutils/debian/klaptopdaemon.README.Debian | |
parent | 38471bcdd80beb04d58302912f92ecae1fbdd0af (diff) | |
DilOS: tdeutils build pack
Signed-off-by: Denis Kozadaev <denis@dilos.org>
(cherry picked from commit c1251c5abd9f8eb4a0256a7a92f72aa7aa8518eb)
Diffstat (limited to 'dilos/tdeutils/debian/klaptopdaemon.README.Debian')
-rw-r--r-- | dilos/tdeutils/debian/klaptopdaemon.README.Debian | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/dilos/tdeutils/debian/klaptopdaemon.README.Debian b/dilos/tdeutils/debian/klaptopdaemon.README.Debian new file mode 100644 index 000000000..04c3e1b4e --- /dev/null +++ b/dilos/tdeutils/debian/klaptopdaemon.README.Debian @@ -0,0 +1,28 @@ +klaptopdaemon and SUID permissions +---------------------------------- + +To allow ordinary users to control certain power management features, +klaptopdaemon's panel in the Trinity Control Center has a button which prompts +the user to enter the root password (Trinity Control Center --> Power Control +--> Laptop Battery, then the ACPI Config tab, then the Setup Helper +Application button). This button changes the permissions of +/usr/bin/klaptop_acpi_helper from "0755 root.root" to "6755 root.root", +and therefore grants all regular users extra power management abilities. +This has obvious security implications, and should not be done on any +system where all users are not trusted absolutely. + +The standard klaptopdaemon changes the binary's permissions using chmod. +However, if an updated version of the Debian klaptopdaemon package +were then to be installed, it would reset the permissions, forcing the +sysadmin to reconfigure after each upgrade. + +The Debian package has therefore been patched to use dpkg-statoverride to +permanently change the permissions of /usr/bin/klaptop_acpi_helper. The +override is removed and permissions reset if the package is removed or +purged. However, if the sysadmin wishes to remove the special permissions +of /usr/bin/klaptop_acpi_helper, they can do so at any time by issuing, +as root, the following commands: + +dpkg-statoverride --remove /usr/bin/klaptop_acpi_helper +chown root:root /usr/bin/klaptop_acpi_helper +chmod 0755 /usr/bin/klaptop_acpi_helper |
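Review bot: In the first paragraph of the new README, the warning about changing /usr/bin/klaptop_acpi_helper to "6755 root.root" stops at "obvious security implications" and gives the sysadmin no way to check whether the Setup Helper Application button has already been used on a system. Suggest adding a line next to the removal commands at the end, such as `dpkg-statoverride --list /usr/bin/klaptop_acpi_helper`, so the override can be audited before deciding whether to remove it. It would also help to state that mode 6755 sets both the setuid and setgid bits while leaving the helper executable by everyone, which is what makes the grant apply to all regular users. Minor style point: the text writes the owner as "root.root" while the chown command uses "root:root"; use one form throughout.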