Hello, As policy mandates, I'm making public my intention to allocate user fcron for the fcron package (the user will be created dynamically). Any objections? Also, policy mentions nothing about the removal of such a package-added user in postrm. Some packages do remove the user (bsd-ftpd), others don't (postfix). Is there any reason not to remove the user on package purge? I've also noticed that if I were to be my usual paranoic self, I'd have to add a check in preinst that makes sure no user fcron is present in the system (or that, if it is present, its userid is in the --system range for adduser)... somehow I don't think this is done by every packages that needs to create system users :( This is a possible security hole (although not much of one). All the packages I looked at (which were not that many) will not fail if the user is already in the system (which is ok). However, they will not test if the user is already there because of useradd --system (i.e. the user is in the --system uid ranges) or because it is a common user. Fixing the hole would be best done by a patch to adduser so that it returns status 0 if adduser --system would fail because the user is already in the system *and* that user is in the valid uid range for --system. It would also require all packages using adduser to stop doing adduser || true or avoiding calling adduser if the user is already in the system... which also means a policy patch to policy section 4.9. Is it more work than its worth, or should I be posting a policy proposal to -policy ? -- "One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie." -- The Silicon Valley Tarot Henrique Holschuh
Attachment:
pgpXMsOwpmzsA.pgp
Description: PGP signature