Re: policy changes toward Non-Interactive installation

To: debian-devel@lists.debian.org
Cc: Brian May <bam@debian.org>
Subject: Re: policy changes toward Non-Interactive installation
From: Steve Greenland <stevegr@debian.org>
Date: Thu, 17 Aug 2000 10:50:52 -0500
Message-id: <[🔎] 20000817105052.B19453@molehole.dhis.org>
Mail-followup-to: debian-devel@lists.debian.org, Brian May <bam@debian.org>
Reply-to: Steve Greenland <stevegr@debian.org>
In-reply-to: <[🔎] 20000816001113.A601@silk.kitenet.net>; from joeyh@debian.org on Wed, Aug 16, 2000 at 12:11:13AM -0700
References: <20000808162714.A24200@azure.humbug.org.au> <871yzssaju.fsf_-_@alpha.intern.brederlow.de> <87lmxz7uob.fsf@glaurung.green-gryphon.com> <[🔎] 20000814215902.A10473@kitenet.net> <[🔎] 87punbc9yi.fsf@glaurung.green-gryphon.com> <[🔎] 20000814233827.N9433@kitenet.net> <[🔎] 84ya1z558y.fsf@snoopy.apana.org.au> <[🔎] 20000815122547.C16806@molehole.dhis.org> <[🔎] 84u2cm5ek0.fsf@snoopy.apana.org.au> <[🔎] 20000816001113.A601@silk.kitenet.net>

On 16-Aug-00, 02:11 (CDT), Joey Hess <joeyh@debian.org> wrote: 
> Belive it or not, I know how to safely manage temp files and protect
> sensitive information with unix permissions.

I know you do, Joey, but my concern is that since the permission
violation occurs in the backend, when the backend gets replaced by
something else that the security by be inadvertently dropped. Would it
make sense for the front-end(s) check the effective userid and refuse to
run if it's not 0? 

Steve

Reply to:

References:
- Re: policy changes toward Non-Interactive installation
  - From: Joey Hess <joeyh@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Joey Hess <joeyh@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Brian May <bam@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Steve Greenland <stevegr@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Brian May <bam@debian.org>
- Re: policy changes toward Non-Interactive installation
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: WG: ITP: Moscow ML - An implementation of standard ML.
Next by Date: Re: WG: Broken bootable SPARC CD#1, and why this happened
Previous by thread: Re: policy changes toward Non-Interactive installation
Next by thread: Re: policy changes toward Non-Interactive installation
Index(es):
- Date
- Thread