Re: debmake 1.14 uploaded

To: Juergen Menden <menden@informatik.tu-muenchen.de>
Cc: Debian developers list <debian-devel@lists.debian.org>
Subject: Re: debmake 1.14 uploaded
From: Christoph Lameter <clameter@waterf.org>
Date: Thu, 7 Nov 1996 06:21:41 -0800 (PST)
Message-id: <Pine.LNX.3.95.961107061655.526A-100000@waterf.org>
In-reply-to: <Pine.GSO.3.95.961107114144.25739C-100000@koma.informatik.tu-muenchen.de>

On Thu, 7 Nov 1996, Juergen Menden wrote:

menden >> No one is usually in group root. And the wrappers naturally such big
menden >> security holes that using those wrappers is almost equal to superuser
menden >> access anyways. So I thought membership of group root would be
menden >> an appropriate rquirement. 
menden >
menden >of course not! :-) 
menden >only ownership of the root account is the apropriate requirement
menden >for superuser access.

When you are building packages you need to have superuser access right
now. debmake just simplifies switching back and forth. What does "of
course not" refer to?

menden >depend on sudo/super and use it internally for the commands which 
menden >need root access (just as dpkg-buildpackage uses them). 

The point of sudo/super is to have restricted superuser access. Sorry but
runing build commands for debian packages cannot be called a restricted
superuser access. It is equal to full superuser access.

menden >environment and search the PATH.
You need to superuser path....

menden >sorry, this sounds pathetic, but that's the reason for
menden >the environment changes. well, i do not see any problems
menden >with this. any environment variable you want to have
menden >can be set on the root-side of the wrapper in a more 
menden >secure way. 

There is no security involved. "More secure" does not apply to
functionality that already gives you full access.

menden >> and all those tools expect
menden >> the REAL userid to be changed and not the effective UID. Otherwise your
menden >> tools wont work.
menden >
menden >this one i do not understand. why do your tools need the _real_ UID 
menden >to be root? and how do you do provide this? IIRC only the euid is
menden >changed by the suid bit.

Its not my tools. Its dpkg and the tools in dpkg-dev.

menden >sorry if all this sounds silly, but in fact i do not 
menden >really understand why you need it.

I dont think you use debmake and thus you better get it and look at the
situation.

--- +++ --- +++ --- +++ --- +++ --- +++ --- +++ --- +++ ---
PGP Public Key  =  FB 9B 31 21 04 1E 3A 33  C7 62 2F C0 CD 81 CA B5 

--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to:

Follow-Ups:
- Re: debmake 1.14 uploaded
  - From: Dale Scheetz <dwarf@polaris.net>

Prev by Date: Re: Debian WWW standards version 2.0
Next by Date: Re: debmake 1.14 uploaded
Previous by thread: Re: debmake 1.14 uploaded
Next by thread: Re: debmake 1.14 uploaded
Index(es):
- Date
- Thread