[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#5312: ae escapes 8-bit chars by default


On Thu, 7 Nov 1996, Dale Scheetz wrote:

> On Thu, 7 Nov 1996, Santiago Vila Doncel wrote:
> > Package: ae
> > Version: 962-10
> > 
> > ae escapes 8-bit chars by default. It should not.
> > 
> > When I type "camión único", I see "cami\363n \372nico", which is not
> > the "natural" way to see those words.
> This is probably because ae doesn't support the character set. I will pass
> this on to the upstream maintainer, but it lookes like more than a trivial
> fix.
> Please remember that ae is not intended to be a full featured editor. It's
> intent is to be small enough to fit on the base system and provide basic
> editing capability for making changes to config files.

Ok, remove the code that *escapes* 8-bit chars and we'll get a smaller
executable :-)


Version: 2.6.3i
Charset: latin1


Santiago Vila <sanvila@ctv.es>

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

>From miss
Received: from mongo.pixar.com (
  by master.debian.org with SMTP; 8 Nov 1996 10:17:51 -0000
Received: (qmail 17385 invoked from smtpd); 8 Nov 1996 10:04:49 -0000
Received: from primer.i-connect.net (HELO master.debian.org) (bruce@
  by mongo.pixar.com with SMTP; 8 Nov 1996 10:04:42 -0000
Date:	Fri, 8 Nov 1996 11:03:54 +0100 (MET)
From:	Juergen Menden <menden@informatik.tu-muenchen.de>
To:	Christoph Lameter <clameter@waterf.org>
cc:	Debian developers list <debian-devel@lists.debian.org>
Subject: Re: debmake 1.14 uploaded
In-Reply-To: <Pine.LNX.3.95.961107061655.526A-100000@waterf.org>
Message-ID: <Pine.GSO.3.95.961108101942.25739E-100000@koma.informatik.tu-muenchen.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Resent-Message-ID: <"yxSuC2.0.5q1.yYmWo"@master.debian.org>
Resent-From: debian-devel@lists.debian.org
Resent-Reply-To: debian-devel@lists.debian.org
X-Mailing-List: <debian-devel@lists.debian.org> archive/latest/2682
X-Loop: debian-devel@lists.debian.org
Precedence: list
Priority: non-urgent
Importance: low
Resent-Sender: debian-devel-request@lists.debian.org

sorry for this really long mail. people not interrested
in all the details might jump to the last two paragraphs
directly... :-)))

On Thu, 7 Nov 1996, Christoph Lameter wrote:
> On Thu, 7 Nov 1996, Juergen Menden wrote:
> menden >> No one is usually in group root. And the wrappers naturally such big
> menden >> security holes that using those wrappers is almost equal to superuser
> menden >> access anyways. So I thought membership of group root would be
> menden >> an appropriate rquirement.
> menden >
> menden >of course not! :-)
> menden >only ownership of the root account is the apropriate requirement
> menden >for superuser access.
> When you are building packages you need to have superuser access right
> now. debmake just simplifies switching back and forth. What does "of
> course not" refer to?

it refers to your sentence "i thought that membership of group root would
be an appropriate requirement" to superuser access. my position is, that
only a root account is a really appropriate requirement to superuser access.

and please mind the -> :-)

> The point of sudo/super is to have restricted superuser access. Sorry but
> runing build commands for debian packages cannot be called a restricted
> superuser access. It is equal to full superuser access.

you are correct that running build commands requires a somewhat
full superuser access. but at least sudo implements just as well
a full superuser access even without passwd checking if you like.

in fact, i've installed my account on my home machine using
sudo this way. i can run any command, even /bin/bash as
   sudo command
without problems and without bothering of passwords :-)

the advantage of sudo to yet another suid wrapper is, that superuser
access is much more secure because
 - all security know-how is concentrated in one place and
 - it checks, whether the account really has permission to
   run the desired command by explicite mentioning the permissions.
   this is better then the implicit assumption that membership of
   groop root implies superuser access.

about environment changes by sudo/super: have you experienced
any problems with this? as i have not, maybe i can assist in
solveing them without useing suid wrappers?

about real and effective uid: you said that dpkg-dev expects
the _effective_ uid be set to root. well, you still havn't explained
how you do this, and why you cannot do this without 'build' being
suid-root (if called via sudo eg).

> menden >sorry if all this sounds silly, but in fact i do not
> menden >really understand why you need it.
> I dont think you use debmake and thus you better get it and look at the
> situation.

well, i'm sad to hear this. i don't think that argueing this way
is apropriate for security issues.

in fact i've installed debmake and have already tried to use it.
unfortunately build currently does not have an option to only
recompile arch-specific parts, so it's not very effective for me.
but i have not seen any drawbacks if i remove the suid bit of
build and start it with
   sudo build
yet again i do not claim to be an expert in debmake. your turn
around cycle is much to fast for me to catch up. :-)

let me summarize my critic:
people know very well what they do when they add a user to
the sudo configuration file. this is because it makes it
explicite that superuser access is provided. on the other
hand it's not clear, that if i add an account to the group root
that i suply it with full superuser access. the problem
is this implicite assumption that build uses.

i know that it's sub-optimal to use the group root for
any things which i use groups normally, but alas, that's
live. noone would expect this to be more than a weired

hope it helps to clarify some points.

Juergen Menden                   | Disclaimer: The opinions expressed by me,
tel:    +49 (89) 289 - 22387     +-----------+ are (usually) not the opinions
e-mail: menden@informatik.tu-muenchen.de     | of anyone else on this planet.

Hi! I'm a .signature virus!  Add me to your .signature and join in the fun!

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com

Reply to: