> > On Mon, 23 Jun 1997, joost witteveen wrote: > > > (in fakt so much, that I may be tempted to write it myself. You > > don't need that many changes). > > Well, you need to write your own version of make that looks for any attempt > to run chmod, chown etc, and then fakes all the ownership and modes in the > resulting tar. > > I'm not sure whether it's possible in general even then, what if the package > tries to set the ownership of a file from within another shell script or a > perl script; how can you intercept that so it works properly? > > With a few minor changes in the way packages are made---having tars all made > as any user, and chowns done after the package is installed, either in the > postinst or by dpkg first (the former would have the advantage of running on > existing systems)---we could build as non-root. > >
I like this. dpkg could set permissions on install based on a package file similar to the suidmanager approach. If we did this, we could also have a global security policy setting that could, using only dpkg, find all suid programs. -Erik -- Erik B. Andersen Web: http://www.inconnect.com/~andersen/ email: [EMAIL PROTECTED] --This message was written using 73% post-consumer electrons-- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] .
