Brian May wrote: > >>>>> "Steve" == Steve Greenland <[EMAIL PROTECTED]> writes: > > Steve> Which reminds me, what sort of security is enabled in > Steve> debconf? Can any user read the values from the database, or > Steve> is it limited to root? > > Not sure about this (on my system only root can read /var/lib/debconf), > however: > > Steve> An attempt to use db_get as a regular user, but only > Steve> because the current backend tries to write a temporary file > Steve> to var/lib/debconf (I think) (line 229 in ConfigDb.pm, > Steve> potato version). > > not sure how well temp files are managed.
Belive it or not, I know how to safely manage temp files and protect sensitive information with unix permissions. > I was told though, for the purpose of Heimdal-kdc, to put it in the > postinst directory. This means it doesn't have to get stored in the > database. ie the postinst script does a "db_get" followed by a > "db_set". I told you this because you stressed it was very very important. Really sheer paranoia though. -- see shy jo
