Re: on the use of chmod/chown in maintainer scripts
On Sat, May 12, 2012 at 12:23:49PM +0200, Peter Palfrader wrote:
>
> In some cases[1], this chmodding and chowning is done on each package upgrade,
> either because things changed over time and just doing it unconditionally seems
> like the easiest thing, or just because hey, it doesn't hurt, does it?
>
> Unfortunately, this can be a problem. Consider a tree /var/lib/example/ that
> is owned or writeable by exuid. If, on upgrades, the package runs chown or
> chmod -R /var/lib/example/, or does a chown or chmod on a specific node in that
> tree, this implies the possibility of privilege escalation.
Hi all,
I was always wondering:
Unless we expect that two different binary packages that can be co-installed
will distribute the same directory under different ownership or permissions for
a good reason, why not simply let dpkg apply ownership and permissions found in
data.tar.{gz|bz2|xz}, and treat it the same as a file conflict when unpacking a
package on a system where another package has already set different ownership
and permissions?
Cheers,
--
Charles Plessy
Tsurumi, Kanagawa, Japan
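
The check proposed in the message above, sketched as an added example (not dpkg code and not from the original thread): compare the ownership and mode a data.tar ships for each directory with what is already on disk, and report any difference as a conflict instead of changing it. The function names and the sample archive are constructed for illustration.

```python
import io
import os
import stat
import tarfile


def build_sample_data_tar(uid, gid, mode):
    """Constructed stand-in for a package's data.tar holding one directory."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        member = tarfile.TarInfo("./var/lib/example")
        member.type = tarfile.DIRTYPE
        member.uid, member.gid, member.mode = uid, gid, mode
        tar.addfile(member)
    return buf.getvalue()


def find_ownership_conflicts(data_tar, root):
    """Return (path, field, shipped, on_disk) for every directory in the
    archive that already exists under root with different metadata."""
    conflicts = []
    with tarfile.open(fileobj=io.BytesIO(data_tar)) as tar:
        for member in tar:
            if not member.isdir():
                continue
            rel = os.path.normpath(member.name.lstrip("/"))
            if rel.split(os.sep)[0] == "..":
                continue  # never inspect anything outside root
            path = os.path.join(root, rel)
            try:
                st = os.lstat(path)  # lstat: a symlink is not followed
            except FileNotFoundError:
                continue  # not present yet, so nothing to conflict with
            if not stat.S_ISDIR(st.st_mode):
                conflicts.append((rel, "type", "directory", "non-directory"))
                continue
            shipped = {"uid": member.uid, "gid": member.gid, "mode": member.mode & 0o7777}
            on_disk = {"uid": st.st_uid, "gid": st.st_gid, "mode": stat.S_IMODE(st.st_mode)}
            for field in ("uid", "gid", "mode"):
                if shipped[field] != on_disk[field]:
                    conflicts.append((rel, field, shipped[field], on_disk[field]))
    return conflicts


if __name__ == "__main__":
    # Constructed sample: directory shipped as 0750 root:root, checked against "/".
    print(find_ownership_conflicts(build_sample_data_tar(0, 0, 0o750), "/"))
```
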