Re: Bug#58640: wrapper does not handle fakeroot well
On Tue, Feb 22, 2000 at 07:34:31PM +0000, Colin Phipps wrote:
> >
> > Joost, is there a simple way to test if a "root" is a "fakeroot"
> > instead?
>
> Don't even think about testing for fakeroot.
AFAICT fakeroot always adds a FAKEROOTKEY environment variable, is this
not sufficient?
> > >From a shell script or even from a C prog (I'm convincing myself that I
> > need to rewrite the wrapper in C and make it suid nobody ... or forget
> > this wrapper stuff at all :-).
>
> Nothing is owned by nobody, and certainly nothing should be suid nobody :-).
> Actually, I think the whole idea of the man wrapper su'ing to nobody is
> flawed, because the temporary files created while decompressing manpages
> could be owned by nobody.
yup, (ahem xfs-xtt)
> Perhaps you'd like to enlighten me - why is mandb setuid man anyway? If man
> calls mandb when the db needs updating, then it can pass the setuid man
> priviledges to it. I can't think offhand why ordinary users would need to use
> mandb directly, maybe I'm overlooking something though.
i think man does invoke mandb, everytime i upgrade any large number of
packages and try to find a man page i get what looks like a mandb
update...
as for suid as opposed to setgid doesn't that have to do with
preventing the catman files from being owned by various users instead
of man? i think it would be worse to have loads of catman files owned
by normal users opening up yet another writable place in /var along
with quota problems...
just for kicks slackware did away with set[ug]id man binaries
altogether and just made all the catman directories mode 1777... i
don't care for this method though, i hate world writable directories.
--
Ethan Benson
Reply to: