
Re: Bits from the release team: the plans for etch



Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:

> On Wed, Oct 26, 2005 at 01:53:19PM +0200, Gabor Gombas wrote:
>> On Wed, Oct 26, 2005 at 11:11:00AM +0200, Javier Fernández-Sanguino Peña wrote:
>> 
>> > That really depends on the daemon itself, don't you think? There's a number of
>> > daemons that don't create any file at all or, if they do, are created
>> > only on a given directory which is removed on purge. In these cases, removing
>> > the user on postrm's purge might make sense. As I said, that would be an
>> > option. 
>> 
>> It is still possible that those daemons _read_ some files (e.g. config
>> files), and the admin did a chown/chgrp to the daemon's user. Removing
>> the user and reusing the UID/GID will suddenly make those files
>> accessible for a random new package which may not be intended at all.
>
> Wrong. That is only true in the chown() case. Which is not a sensible thing
> to do. Daemons should be able to read their configuration files but they
> usually *don't* need to *write* them, so they should *not* own them. 

What about log files with sensitive content?

Regards, Frank
-- 
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
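
An added example, not part of the original thread: a pre-removal check for the UID/GID reuse concern discussed above. It lists what a future holder of a daemon's UID or GID would inherit under a directory, covering both the owner (chown) and group (chgrp) cases. The function names, the file names `exampled.conf` and `exampled.log`, and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile


def inherited_access(root, uid, gid):
    """Map each path under root to the access a reused uid/gid would inherit."""
    findings = {}
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # permissions on a symlink itself grant nothing
        mode = stat.filemode(st.st_mode)  # e.g. "-rw-r-----"
        if st.st_uid == uid:
            # Reported even with empty owner bits: the owner can chmod.
            findings[path] = "owner:" + mode[1:4]
        elif st.st_gid == gid and mode[4:7] != "---":
            findings[path] = "group:" + mode[4:7]
    return findings


def build_sample_tree(root):
    """Constructed sample: a config file and a log file left behind on purge."""
    conf = os.path.join(root, "exampled.conf")
    log = os.path.join(root, "exampled.log")
    for path, mode in ((conf, 0o640), (log, 0o600)):
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return conf, log


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        conf, log = build_sample_tree(tmp)
        # Stand-in for the daemon's ids: whoever owns the sample files.
        st = os.lstat(conf)
        found = inherited_access(tmp, st.st_uid, st.st_gid)
        for path, access in sorted(found.items()):
            print(access, path)
```

An empty result for the daemon's UID and GID across the filesystems it could have touched means nothing on disk would change hands if those ids were reassigned.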


