[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: standard for executable files under /usr/share

On Tue, 18 Mar 2003 17:38, Santiago Vila wrote:
> On Tue, 18 Mar 2003, Russell Coker wrote:
> > On Tue, 18 Mar 2003 13:29, Santiago Vila wrote:
> > > Why is this a problem but not binaries under /usr/lib?
> >
> > There are less of them.
> So you propose to declare a lot of packages buggy just because it's
> not completely trivial for you to create a list of the /usr/share
> executables they contain?

I'm not asking for anything to be trivial, if I wanted to do something trivial 
then I would not be working on SE Linux in the first place!

I am asking for help in making the problem solvable.

Currently executables are being placed with arbitary names under /usr/share 
all the time in unstable, the names that are used vary between package 
versions and of course we are always getting new packages.  For tracking 
unstable I am barely able to keep up with the packages I have installed.  For 
packages I don't use the chances of getting these issues fixed is very small 
at the moment.

This does not just affect SE Linux, it potentially affects LIDS, DTE, RSBAC, 
and other security systems.  The reason I post messages about SE Linux issues 
and other people don't post about other security systems is because my SE 
Linux work is going further than the work on other security systems.

The reason I want to deal with /usr/share before /usr/lib is simply because 
it's where more of the problems lie.  Once /usr/share is resolved /usr/lib 
should be trivial.

I don't plan to "declare packages buggy" because solving this issue entirely 
can't be easily done in the scope of Debian.  This will involve patching 
programs, and for some programs this may be very difficult and require 
upstream changes.  If we can determine a good solution then we can make a 
case for getting upstream changes to applications when necessary.

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

Reply to: