[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages' use of dpkg-statoverride



Anthony Towns wrote:
> Eh? Surely you should be asking in the package's preinst?
> 
> Ideally, IMHO, there should be a pre-depends on debconf, a debconf
> question about the permissions, the package should be distributed with
> the binary setuid (?), and if the user's said they want the permissions
> different to the default, dpkg-statoverride should be called in preinst.
> 
> Actually, there's no *need* to distribute it setuid in this case. I
> can't think of any particularly compelling reason to do it either way.

It would be simplest and cleanest to not distribute it suid, to prompt
in the config script about whether the admin wants it suid, and to
conditionally make it suid and statoverride it in the postinst. This has
no unwwanted-suid windows, no nasty predependancies, and no modification of
the filesystem in the config script.

-- 
see shy jo



Reply to: