Re: Bug#58640: wrapper does not handle fakeroot well
On Mon, Feb 21, 2000 at 11:09:22PM -0900, Ethan Benson wrote:
> On Tue, Feb 22, 2000 at 09:31:22AM +0200, Fabrizio Polacco wrote:
> >
> > Jeah, it's because of the test
> >
> > [ `id -u` = 0 ]
> >
> > Joost, is there a simple way to test if a "root" is a "fakeroot"
> > instead?
>
> I am the one who suggested this test over the flawed writablity of
> /root, and I knew this would not work with fakeroot, but come on,
> please tell me one valid reason for running your shell through
> fakeroot? that is just plain silly and you get what you deserve for
> doing it IMO.
>
> fakeroot is for building packages as a non root user and ensuring that
> the files are owned by the proper users, i cannot think of any reason
> why dpkg-buildpackage would need to go read a manpage while doing
> this.
>
> this sounds like a complete non-issue IMO.
I understand this and I can even sympathize, but ...
... there is an issue.
Please remember that the wrapper si no only man, but also mandb.
mandb has an option -t which can be usefull to test a man hierarchy to
search for not parsable manpages or broken links.
For example you can run mandb -c -t debian/tmp/usr/share/man within
your build, as a test case.
See the point? It will run under fakeroot.
> > >From a shell script or even from a C prog (I'm convincing myself that I
> > need to rewrite the wrapper in C and make it suid nobody ... or forget
> > this wrapper stuff at all :-).
>
> suid nobody will bring back the original reason for the wrapper in the
> first place, the concern was if uid man was compromised it can replace
> the man binaries since it owns them, if it were suid nobody if nobody
> were compromised it could replace the man binary with a trojan.
So let's forget this wrapper stuff and go back to plain old setuid man
man prog.
this for potato.
I will try to ave a setgid man and mandb for woody. then when it's
tested we can even make a potato security update.
But now we are only adding grave and important bugs and just delaying
frozen.
cheers,
fab
--
| fab@pukki.ntc.nokia.com fpolacco@debian.org
| pgp: 6F7267F5 57 16 C4 ED C9 86 40 7B 1A 69 A1 66 EC FB D2 5E
| fabrizio.polacco@nokia.com gsm: +358 (0)40 707 2468
Reply to: