also sprach martin f krafft <madd...@debian.org> [2010.02.04.1336 +1300]:
> In short, I am in favour of forbidding use of dpkg-statoverride by
> package maintainers, unless I missed something in the above.
Further information from IRC:

< madduck> sgran: feel free to slam me down on my latest reply to #568313 wrt the dynamic uids. ;)
< sgran> madduck: it fails for things like /var/run/<package> where <package> runs as a dynamically created user
< sgran> or similar things
< madduck> sgran: /var/run/<package> must not be shipped
< madduck> but /var/spool/postfix might be an example
< sgran> pick a better directory
< madduck> or /var/lib/squid
< sgran> /var/lib/clamav
< madduck> basically /var/*/*
< sgran> etc
< madduck> yeah
< madduck> otoh, I don't see a risk, really…
< madduck> i mean, the permissions are in the package, so they won't be changed
< madduck> so all that is happening is that the new file is root.root instead of clamav.clamav
< madduck> but between unpacking and postinst, the daemon isn't running anyway…
< madduck> well, in most cases.
< sgran> unless of course there are multiple daemons that all need access to a directory or something
< madduck> so there's actually a window of tightening of security, not a window of elevated access
< sgran> unless of course the statoverride is to change perms to 0700 or something
< madduck> sgran: the risk is that one of those daemons won't be able to access files during that window. i think this is an acceptable downside of an upgrade, not?
< sgran> no
< sgran> why should an upgrade break a working system?
< madduck> sgran: then the directory should be in the .deb with 0700, no?
< sgran> have you suddenly become Md?
< madduck> not break, but briefly suspend services.
< madduck> of course, if this window causes breakage, that's a different story
< madduck> but i feel that's one that would have to be addressed in the daemon, no?
< sgran> I would guess that most daemons don't cope well with permissions/ownerships being changed out from under them
< sgran> and it's a silly thing to do, since we don't have to do it
< madduck> for the few seconds it takes between unpack and postinst, that's okay if it doesn't cause permanent damage, no?
< sgran> explain again why it's ok to do the wrong thing when it's easy to do the right thing?
< madduck> note how the proposal is about static uids
< madduck> and there it's quite simply the case that we don't need to do it.
< sgran> of course I misunderstood the original intent and thought it was about static uids/gids only.

Helps to read the message again on the day of replying.

-- 
 .''`.   martin f. krafft <madd...@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

god is real, unless declared integer.
                                              (dedicated to gabriel gómez)
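The dynamic-user case sgran raises above (a directory such as /var/lib/clamav owned by a user that only exists after postinst creates it) is the one where a maintainer script cannot avoid touching ownership after unpack. The idiom below is an added illustration, not code from the bug report, from Debian Policy, or from any real package: the package name, user name and spool path are made up, and the `STATOVERRIDE` variable exists only so the `dpkg-statoverride` call can be swapped for a stub when exercising the function offline. It relies on two documented behaviours of dpkg-statoverride: `--list PATH` exits 1 when no override matches, and `--update` applies the new owner and mode to the file immediately rather than waiting for the next unpack. The guard on `--list` is what keeps a local administrator's own override intact across upgrades.

```shell
#!/bin/sh
# postinst fragment for a hypothetical package "examplepkg" (not a real package).
set -e

PKG=examplepkg                      # assumed package and system-user name
SPOOL=/var/spool/examplepkg         # assumed directory shipped root:root 0755 in the .deb
STATOVERRIDE=${STATOVERRIDE:-dpkg-statoverride}   # swappable for a stub in tests

# Register an override for $4 only if no override is already recorded for it.
# dpkg-statoverride --list exits 0 when an override matches and 1 when none does,
# so an admin who already set their own owner/mode is left alone.
ensure_statoverride() {
    user=$1 group=$2 mode=$3 path=$4
    if "$STATOVERRIDE" --list "$path" >/dev/null 2>&1; then
        return 0
    fi
    # --update chowns/chmods the path right now, closing the root:root window
    # that exists between unpack and this point in postinst.
    "$STATOVERRIDE" --update --add "$user" "$group" "$mode" "$path"
}

case "$1" in
  configure)
    # The uid/gid is whatever adduser allocates; it cannot be baked into the .deb.
    if ! getent passwd "$PKG" >/dev/null; then
        adduser --system --group --home "$SPOOL" --no-create-home "$PKG"
    fi
    ensure_statoverride "$PKG" "$PKG" 0750 "$SPOOL"
    ;;
esac
```

The matching postrm `purge` step would call `dpkg-statoverride --remove "$SPOOL"` under the same `--list` guard, so that an override the package never created is not removed either. Where the uid is static, as in the proposal madduck refers to, none of this is needed: the directory ships in the .deb with its final owner and mode and there is no window at all.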