Re: RC Security Flaw - mkdir & script create as 755, 644. SB &700, yes?
>>"Vince" == Vince <email@example.com> writes:
Vince> On Mon, Feb 25, 2002 at 10:45:49PM -0600, Manoj Srivastava wrote:
>> Debian is known to be a rock solid OS, which is sane, easy to
>> maintain, and does not dumb itself down in order to be useful to less
>> knowledgeable users.
Vince> None of these goals (save perhaps the last) need be compromised by the
Vince> suggested change.
The last point is by no means the least.
>> Preventing people from doing things that are dangerous often
>> also prevents them from doing things that are interesting.
Vince> Just set your umask appropriately then. And if it's not your Debian
Vince> box, I guess the admin can set whatever umask he likes.
So that is your solution. We have selected a default umask,
based on reasonable security, and allowing for collaborative
effort. If you do not agree with this, change your umask.
The default should not be set for idiots.
Vince> I should say here that I think the umask is fine the way it is right
Cool, we agree then.
>> No. There are distributions that are trying to specialize as a
>> niche for that kind of a user -- and they are far better left to the
>> task than Debian is.
Vince> You seem to believe that Debian cannot become better suited for those
Vince> kinds of users without dropping down an irreversible path to
Vince> specialisation. I disagree.
I said no such thing. Indeed, all I said was that if you have
to make changes to Debian that are annoying to seasoned veterans in
order to appease people who don't want to make any effort to learn
their tools, then I am opposed to such dumbing down.
If you prevent users from doing stupid things, you also
prevent them from doing interesting innovative things.
>> You have to ask yourself what it is that motivates the general
>> developer. While by no means speaking for all developers, I say that
>> I personally spend the time that I do on Debian because I want to --
>> and I spend it doing things that are useful and interesting to
>> _me_. Letting a novice use Debian is interesting, perhaps, but not
>> really enough of a motivator -- that's not going to keep me up at 4am
>> hacking at Debian.
Vince> So don't, then :) Answering bug emails probably isn't
Vince> something you get too excited about either, but I don't see
Vince> you disagreeing with the idea that Debian should have a bug
Vince> tracking system.
Best Free OS. Social contract. I agree with the social
contract. I do not agree with targeting the largest market, or
making things less convenient for people in order to hand hold
tluxt> Now, he probably won't know about umask. My point is:
>> Should he not learn?
Vince> Yes. But that doesn't mean we can't have a discussion about
Vince> which is the more appropriate default umask.
Ok. But we already have had this discussion -- several times
now. Also discussions about group-per-user, and access control lists,
and capability lists, etc.
tluxt> So, I think it wise that the packagers of the Debian system
tluxt> should keep in mind such a person, and have as a goal that the
tluxt> Debian system could, ultimately, be productively & easily used
tluxt> by such a person.
>> Why? How does that scratch my itch?
Vince> I don't think the purpose in people filing bugs or making
Vince> suggestions is to scratch your itch, though. If it does,
Does too. Makes my packages better, and it makes software I use
daily more robust, and makes me more productive. If you do not think
so, perhaps you need to reexamine your interest in software.
>> I reject that hypothesis. Personally, I would much rather that
>> Debian continue to cater to people like me -- there are other
>> distributions that shall be a better fit for the average consumer.
Vince> I think it's something that could be worked on where simple,
Vince> convenient and unobstructive.
Fine. As long as it is unobtrusive. Making files created by
root unreadable by my non-root-persona is not unobtrusive.
>> Choice is one of the greatest things that free software
>> offers. Making Linux distributions clones of one other chasing the
>> largest market share does the community a disservice in the end.
Vince> This seems like an overly competitive view of the Linux distro
Far from it. My view is that we are complementary -- we are
differentiated, adapted into our own niche, with our own ecology.
Removing the differences removes the adaptive advantages we may
Vince> We may make usability changes not to better "compete" with
Vince> other distributions, but simply because we see improvements we
Vince> want to merge/emulate in Debian. In other words, we take what
Vince> we think is good. Not because our goal is to "chase" them,
Vince> but because we think it's a worthy change.
Usability improvements are one thing. Making rm not
recursively remove dirs because some idiot may rm -rf / as root is
not an improvement (though an extreme example).
Too cool to calypso, Too tough to tango, Too weird to watusi The Only
Manoj Srivastava <firstname.lastname@example.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C