Re: Uploaded faqomatic 2.506-2 (source all) to master
On Thu, 12 Feb 1998, Richard Roberto wrote:
> > Well, if fom is just a Perl script than I suggest moving the variable code
> > (e.g., variables) into a conffile /etc/fomrc (or similar) and include this
> > file within fom with "require '/etc/fomrc';" Does this solve the problem?
> fom is already a small stub. Making it a much larger, more complex
> script just to meet an esoteric "conf file" policy seems rediculous.
> Besides it needing to untaint any external data, it may also need to
> run a different binary, depending on if you use a standard perl
> binary or the debian method. This is for people who want (or need)
> to run the script setid (or run a setid embedded interpreter). Am I
> off base on this?
> Perhaps the script isn't what needs tweaking, but rather the policy?
No. The reason for the policy is that /usr might be mounted read-only and
then, the sysadmin would never get a chance to modify this file. (Since
it's tagged as conffile, it can be assumed that modfying the file will
sometimes be necessary/useful.)
Just think of a network where /usr is mounted read-only from a NFS server
or even from a live CD-installation.
-- Christian Schwarz
Debian has a logo! email@example.com, firstname.lastname@example.org
Check out the logo PGP-fp: 8F 61 EB 6D CF 23 CA D7 34 05 14 5C C8 DC 22 BA
pages at http://fatman.mathematik.tu-muenchen.de/~schwarz/debian-logo/
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
Trouble? e-mail to email@example.com .