Re: Suid Manager?
> [ Please don't Cc: me when replying to my message on a mailing list. ]
> Buddha Buck:
> > I also think that it should be stated (and enforced, if possible)
> > policy that packages cannot modify the modes or owners of files they do
> > not own, nor can they set the UIDs and GIDs of files to users and
> > groups that are not installed either by base-passwd or by that package
> > itself.
> Or one of the packages it depends on?
I thought about that, and decided against it as overly complex. The
more I think about it, the worse it gets.
The problem (as I see it) is that a package can't control what users
are created by other packages. (presumably, base-passwd will be
static enough to be relied upon). However, I could easily imagine
package A 1.0 providing 7 new users, upon which package B depemds,
but package A 2.0 being reorganized to only need (and provide) 3
users, thus breaking package B.
A solution would be to implement Provides-users: and Depends-users:,
but that (IMHO) complicated things way to much.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com