[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package maintainer script policy.

Manoj Srivastava wrote:
> 	I realized, of course, after sending the message, that the pre
>  and post inst scripts are run as root, while the binaries need never
>  be. I am getting senile. Hmm. 
> 	I guess we need to modify policy on this; and maybe require
>  that all pre and post install and rm scripts need to be scripts for
>  security purposes? 

That's exactly why I pointed out that there are packages like bash that have
script postinsts that still run binaries included in the package, as root.
Other examples, are, oh... almost all daemons. Take apache for instance.
Postinst is a perl script, but it does run the package binary as root. This
kind of thing can't be avoided. If you're paranoid building from source is
the only way to go.

see shy jo

To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to: