Re: Packages' use of dpkg-statoverride
On Thu, Jan 11, 2001 at 12:12:27PM -0500, Matt Zimmerman wrote:
> On Thu, Jan 11, 2001 at 06:03:18PM +0100, Wichert Akkerman wrote:
> > Previously Matt Zimmerman wrote:
> > > Why not just ask in .config and register the override in postinst with
> > > --update?
> > Because you have a window in time where the file might exist on the
> > filesystem with the wrong permissions.
> Yes, but this is while the package is in the 'unconfigured' state. It is not
> unusual or unacceptable for a package to be somewhat broken when it has just
> been unpacked and not configured.
It's not a question of broken; making a lot of programs (like mine for
instance, lxdoom) suid could be a security risk. The window Wichert talks
about is a window of opportunity where a binary is installed suid and
can be exploited, before the system administrator decides (for whatever
reason - bugtraq or otherwise) to remove the suid bit. That's why I ship
lsdoom by default as not suid, and then enable the suid bit later at the
request of the sysadmin.