[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Experiences with compiling Debian

> On Mon, 23 Jun 1997, joost witteveen wrote:
> > (in fakt so much, that I may be tempted to write it myself. You
> > don't need that many changes).
> Well, you need to write your own version of make that looks for any attempt
> to run chmod, chown etc, and then fakes all the ownership and modes in the 
> resulting tar.
> I'm not sure whether it's possible in general even then, what if the package
> tries to set the ownership of a file from within another shell script or a
> perl script; how can you intercept that so it works properly?
> With a few minor changes in the way packages are made---having tars all made
> as any user, and chowns done after the package is installed, either in the
> postinst or by dpkg first (the former would have the advantage of running on
> existing systems)---we could build as non-root.

I like this.  dpkg could set permissions on install based on a
package file similar to the suidmanager approach.  If we did this,
we could also have a global security policy setting that could, using
only dpkg, find all suid programs.


Erik B. Andersen   Web:    http://www.inconnect.com/~andersen/ 
                   email:  andersee@debian.org
--This message was written using 73% post-consumer electrons--

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: