Re: su in debian.rules

From: "Mark W. Eichin" <eichin@cygnus.com>

> As I've commented before, there is no real excuse for needing root to
> create packages.

What you are proposing is to have a program on the system that a
non-privileged user runs to create an archive that contains files
that appear to have been written by a privileged user, and will indeed
become privileged when they are extracted. OK, I admit that any user
can write a program like that, but that does not mean we have to
deliver it into their hands.

Yes, I know it's not good system management practice to become root
when you don't strictly need to be root, but I think you may be taking
this to an extreme. The solutions to this problem are more complicated
than the status quo, and present their own new security problems. I'd
prefer a solution that makes building packages simpler, not more
difficult. Right now I can let the upstream makefile change the UIDs
and permissions for me. I don't have to store what it did in a separate
database to be applied in the future.

> (Do you really think gcc has been "audited" with the intention of being
> run as root?)

What programs _have_ been audited? Are we perhaps getting way ahead of
that issue?

Do feel free to solve this problem, but I would not want to be compelled
to use your solution or even to install that sort of tool on my system.


Bruce Perens <Bruce@Pixar.com> Pixar Animation Studios
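
Added example, not part of the original message or of any Debian tool: ownership and mode in a tar archive are plain header fields that an ordinary user can set, so the useful control is to audit what an archive would make privileged before root extracts it. The sketch uses Python's tarfile module; the paths, the uid 1000 account and the file contents are constructed.

```python
import io
import stat
import tarfile

# Constructed sample: (path, mode, uid, gid, contents). Building it needs no privilege.
SAMPLE = [
    ("usr/bin/hello", 0o755, 0, 0, b"constructed placeholder\n"),
    ("usr/bin/helper", 0o4755, 0, 0, b"constructed placeholder\n"),
    ("usr/bin/spool", 0o2755, 0, 0, b"constructed placeholder\n"),
    ("home/builder/tool", 0o4755, 1000, 1000, b"constructed placeholder\n"),
]


def build_archive(entries):
    """Write an in-memory tar; uid, gid and mode are only numbers in each header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, uid, gid, data in entries:
            info = tarfile.TarInfo(name)
            info.mode, info.uid, info.gid, info.size = mode, uid, gid, len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def privileged_entries(archive_bytes):
    """List regular files that become setuid/setgid root if root extracts the archive."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            if member.uid == 0 and member.mode & stat.S_ISUID:
                findings.append((member.name, "setuid root"))
            elif member.gid == 0 and member.mode & stat.S_ISGID:
                findings.append((member.name, "setgid, group root"))
    return findings


if __name__ == "__main__":
    for name, reason in privileged_entries(build_archive(SAMPLE)):
        print(f"{reason}: {name}")
```

The audit reads headers only and never extracts, so it can run unprivileged on an archive from any source.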
