Re: policy changes toward Non-Interactive installation
Brian May wrote:
> >>>>> "Steve" == Steve Greenland <stevegr@debian.org> writes:
>
> Steve> Which reminds me, what sort of security is enabled in
> Steve> debconf? Can any user read the values from the database, or
> Steve> is it limited to root?
>
> Not sure about this (on my system only root can read /var/lib/debconf),
> however:
>
> Steve> An attempt to use db_get as a regular user, but only
> Steve> because the current backend tries to write a temporary file
> Steve> to var/lib/debconf (I think) (line 229 in ConfigDb.pm,
> Steve> potato version).
>
> not sure how well temp files are managed.
Belive it or not, I know how to safely manage temp files and protect
sensitive information with unix permissions.
> I was told though, for the purpose of Heimdal-kdc, to put it in the
> postinst directory. This means it doesn't have to get stored in the
> database. ie the postinst script does a "db_get" followed by a
> "db_set".
I told you this because you stressed it was very very important. Really
sheer paranoia though.
--
see shy jo
Reply to: