[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages' use of dpkg-statoverride

On Thu, Jan 11, 2001 at 07:32:22PM +0100, Wichert Akkerman wrote:

> Previously Matt Zimmerman wrote:
> > As I said in my original message, to avoid a problem like this, all binaries
> > should be shipped non-suid, and optionally overridden to suid.
> You should ship it in the most often used configuration, and set the
> override beforehand if needed. That way you don't get unexpected breakage
> if for some reason the install dies halfway through or takes very long.
> I've seen lots of people complain about things like ping suddenly no
> longer being suid. statoverrides give us a way to close that window
> of brokenness - we have to us it.

It seems like we have to choose between a possible unwanted window of
non-suidness and a possible unwanted window of suidness.  I would choose the
former anyday.  Once the package has been installed for the first time, the
override should ensure that the permissions stay the same through future

Do users really expect a package to work before it has been installed and
configured for the first time?

 - mdz

Reply to: