Re: Bug#58640: wrapper does not handle fakeroot well



On Tue, Feb 22, 2000 at 07:34:31PM +0000, Colin Phipps wrote:
> > 
> > Joost, is there a simple way to test if a "root" is a "fakeroot"
> > instead?
> 
> Don't even think about testing for fakeroot. 

AFAICT fakeroot always adds a FAKEROOTKEY environment variable, is this
not sufficient?

> > From a shell script or even from a C prog (I'm convincing myself that I
> > need to rewrite the wrapper in C and make it suid nobody ... or forget
> > this wrapper stuff at all :-).
> 
> Nothing is owned by nobody, and certainly nothing should be suid nobody :-).
> Actually, I think the whole idea of the man wrapper su'ing to nobody is 
> flawed, because the temporary files created while decompressing manpages 
> could be owned by nobody.

yup, (ahem xfs-xtt)

> Perhaps you'd like to enlighten me - why is mandb setuid man anyway? If man 
> calls mandb when the db needs updating, then it can pass the setuid man 
> privileges to it. I can't think offhand why ordinary users would need to use 
> mandb directly, maybe I'm overlooking something though.

i think man does invoke mandb, every time i upgrade any large number of
packages and try to find a man page i get what looks like a mandb
update... 

as for suid as opposed to setgid doesn't that have to do with
preventing the catman files from being owned by various users instead
of man? i think it would be worse to have loads of catman files owned
by normal users opening up yet another writable place in /var along
with quota problems...

just for kicks slackware did away with set[ug]id man binaries
altogether and just made all the catman directories mode 1777... i
don't care for this method though, i hate world writable directories.

-- 
Ethan Benson

