Control: severity -1 wishlist
Control: found -1 3.8.13-1

On Fri, 2013-05-24 at 15:30 +0100, Steve McIntyre wrote:
[...]
> For now, on that system we have changed the default settings via /proc
> but it's not a real solution for us and DSA don't want to do it
> permanently.

It certainly sounds like a solution to me. Yes, it removes a useful
safeguard against userland security bugs, but this is a question of risk
management and not known vulnerabilities.

> I can see a few ways that we could change things:
>
> * run things using the same account (not wanted, as described above)
> * share a group between the users and make everything group-writable
>   (ditto)

chown all files in the archive to debian-cd:archvsync but don't give the
owner write permission to them (or the directories).

> * come up with a fakelink ld_preload lib like we have fakeroot (eww)
>
> Alternatively, I'm pondering: if the main thrust of the hardlink
> protection is to prevent attacks against system files, then it might
> make more sense to change protected_hardlinks to be a per-filesystem
> mount option. By all means protect the root filesystem etc., but for a
> purely data-carrying filesystem it's a bit obstructive.
>
> What do you think?

I can see that this could be a useful feature, but I don't think I can
spare the time to work on it any time soon. If you have the time to
implement this yourself, I would be happy to review the changes but you
will need to submit them upstream.

Ben.

-- 
Ben Hutchings
Computers are not intelligent. They only think they are.
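As an added illustration (not part of this bug-log exchange and not code from the Debian or kernel projects), the following is a simplified Python model of the decision the `fs.protected_hardlinks` sysctl makes when a process calls link(2). It assumes the rule set the kernel applies in its may_linkat()/safe_hardlink_source() path: the file's owner (or a caller with CAP_FOWNER) may always create a hardlink; anyone else may only link to a regular file that is not setuid and not setgid-executable and that they can both read and write. POSIX ACLs, mount namespaces and the audit record are deliberately left out. The uids, gids and file modes below are constructed, not taken from any real system. Running it shows why the layout proposed in the reply works (debian-cd as owner can link even to 0444 files) and why the rejected "group-writable" option would also have worked, as well as how switching the sysctl off removes the check entirely.

```python
import stat
from dataclasses import dataclass, field

# Constructed ids for the two roles discussed in the thread (not real values).
DEBIAN_CD_UID = 1001
ARCHVSYNC_UID = 1002
ARCHVSYNC_GID = 2002


@dataclass(frozen=True)
class Inode:
    uid: int
    gid: int
    mode: int  # st_mode bits, e.g. stat.S_IFREG | 0o444


@dataclass(frozen=True)
class Cred:
    fsuid: int
    fsgid: int
    groups: frozenset = field(default_factory=frozenset)
    cap_fowner: bool = False


def unix_permission(inode: Inode, cred: Cred, want: int) -> bool:
    """Classic owner/group/other check. `want` uses the rwx bits 4/2/1."""
    if cred.fsuid == inode.uid:
        bits = (inode.mode >> 6) & 0o7
    elif cred.fsgid == inode.gid or inode.gid in cred.groups:
        bits = (inode.mode >> 3) & 0o7
    else:
        bits = inode.mode & 0o7
    return (bits & want) == want


def safe_hardlink_source(inode: Inode, cred: Cred) -> bool:
    """Is this file safe for a non-owner to pin into another directory?"""
    mode = inode.mode
    if not stat.S_ISREG(mode):          # no device nodes, fifos, etc.
        return False
    if mode & stat.S_ISUID:             # setuid binaries stay where they are
        return False
    if (mode & (stat.S_ISGID | stat.S_IXGRP)) == (stat.S_ISGID | stat.S_IXGRP):
        return False                    # executable setgid likewise
    # Linking to something you cannot read and write is the dangerous case.
    return unix_permission(inode, cred, 0o4 | 0o2)


def may_linkat(inode: Inode, cred: Cred, protected_hardlinks: bool = True) -> bool:
    """Model of the kernel's hardlink policy decision. True means link allowed."""
    if not protected_hardlinks:
        return True
    if cred.fsuid == inode.uid:         # owner can hardlink all they like
        return True
    if safe_hardlink_source(inode, cred):
        return True
    if cred.cap_fowner:
        return True
    return False                        # kernel returns -EPERM and logs an audit event


# Constructed archive layouts.
DEBIAN_CD = Cred(fsuid=DEBIAN_CD_UID, fsgid=DEBIAN_CD_UID, groups=frozenset({ARCHVSYNC_GID}))
ARCHVSYNC = Cred(fsuid=ARCHVSYNC_UID, fsgid=ARCHVSYNC_GID)

# The layout proposed in the reply: owner debian-cd, group archvsync, no owner write bit.
ARCHIVE_FILE = Inode(uid=DEBIAN_CD_UID, gid=ARCHVSYNC_GID, mode=stat.S_IFREG | 0o444)
# The rejected alternative: shared group with group write permission.
GROUP_WRITABLE = Inode(uid=DEBIAN_CD_UID, gid=ARCHVSYNC_GID, mode=stat.S_IFREG | 0o664)
# A setuid file is never a safe source for a non-owner, however permissive its bits.
SETUID_FILE = Inode(uid=DEBIAN_CD_UID, gid=ARCHVSYNC_GID, mode=stat.S_IFREG | stat.S_ISUID | 0o666)


def scenario() -> dict:
    """Collect the outcomes a maintainer would want to compare."""
    return {
        "owner links 0444 file": may_linkat(ARCHIVE_FILE, DEBIAN_CD),
        "group member links 0444 file": may_linkat(ARCHIVE_FILE, ARCHVSYNC),
        "group member links 0664 file": may_linkat(GROUP_WRITABLE, ARCHVSYNC),
        "group member links setuid file": may_linkat(SETUID_FILE, ARCHVSYNC),
        "sysctl off, group member links 0444": may_linkat(ARCHIVE_FILE, ARCHVSYNC, protected_hardlinks=False),
    }


if __name__ == "__main__":
    for label, allowed in scenario().items():
        print(f"{label:40s} -> {'allowed' if allowed else 'EPERM'}")
```

The point the model makes explicit is that the owner test comes before any permission-bit test, so removing the owner's write bit (the suggestion in the reply) costs nothing under `protected_hardlinks=1`, whereas a non-owner is gated on read-and-write access and on the file being an ordinary, non-setuid regular file.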