Re: Experiences with compiling Debian
>
> On Mon, 23 Jun 1997, joost witteveen wrote:
>
> > (in fakt so much, that I may be tempted to write it myself. You
> > don't need that many changes).
>
> Well, you need to write your own version of make that looks for any attempt
> to run chmod, chown etc, and then fakes all the ownership and modes in the
> resulting tar.
>
> I'm not sure whether it's possible in general even then, what if the package
> tries to set the ownership of a file from within another shell script or a
> perl script; how can you intercept that so it works properly?
>
> With a few minor changes in the way packages are made---having tars all made
> as any user, and chowns done after the package is installed, either in the
> postinst or by dpkg first (the former would have the advantage of running on
> existing systems)---we could build as non-root.
>
>
I like this. dpkg could set permissions on install based on a
package file similar to the suidmanager approach. If we did this,
we could also have a global security policy setting that could, using
only dpkg, find all suid programs.
-Erik
--
Erik B. Andersen Web: http://www.inconnect.com/~andersen/
email: andersee@debian.org
--This message was written using 73% post-consumer electrons--
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: