
Re: policy changes toward Non-Interactive installation



Brian May wrote:
> >>>>> "Steve" == Steve Greenland <stevegr@debian.org> writes:
> 
>     Steve> Which reminds me, what sort of security is enabled in
>     Steve> debconf? Can any user read the values from the database, or
>     Steve> is it limited to root?
> 
> Not sure about this (on my system only root can read /var/lib/debconf),
> however:
> 
>     Steve> An attempt to use db_get as a regular user, but only
>     Steve> because the current backend tries to write a temporary file
>     Steve> to var/lib/debconf (I think) (line 229 in ConfigDb.pm,
>     Steve> potato version).
> 
> not sure how well temp files are managed.

Believe it or not, I know how to safely manage temp files and protect
sensitive information with unix permissions.

> I was told though, for the purpose of Heimdal-kdc, to put it in the
> postinst directory. This means it doesn't have to get stored in the
> database.  ie the postinst script does a "db_get" followed by a
> "db_set".

I told you this because you stressed it was very very important. Really
sheer paranoia though.

-- 
see shy jo


