[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the release team: the plans for etch

On Wed, Oct 26, 2005 at 05:24:28PM +0200, Frank Küster wrote:
> Javier Fernández-Sanguino Peña <jfs@computer.org> wrote:
> > On Wed, Oct 26, 2005 at 01:53:19PM +0200, Gabor Gombas wrote:
> >> On Wed, Oct 26, 2005 at 11:11:00AM +0200, Javier Fernández-Sanguino Pe?a wrote:
> >> 
> >> > That really depends on the daemon itself don't you think? There's a number of
> >> > daemons that don't create any file at all or, if they do, are created
> >> > only on a given directory which is removed on purge. In these cases, removing
> >> > the user on postrm's purge might make sense. As I said, that would be an
> >> > option. 
> >> 
> >> It is still possible that those daemons _read_ some files (e.g. config
> >> files), and the admin did a chown/chgrp to the daemon's user. Removing
> >> the user and reusing the UID/GID will suddenly make those files
> >> accessible for a random new package which may not be intended at all.
> >
> > Wrong. That is only true in the chown() case. Which is not a sensible thing
> > to do. Daemons should be able to read their configuration files but they
> > usually *don't* need to *write* them, so they should *not* own them. 
> What about log files with sensitive content?

Non-issue, as I said in the end of my post, those should be removed on purge.
This is mandated by policy:
Thus, at the same time that the user is removed and would never be orphaned.

Case closed :-)


Attachment: signature.asc
Description: Digital signature

Reply to: