Re: FHS: Where to store user specific plugins / code

To: debian-devel@lists.debian.org
Subject: Re: FHS: Where to store user specific plugins / code
From: Marvin Renich <mrvn@renich.org>
Date: Wed, 28 Feb 2018 18:14:17 -0500
Message-id: <[🔎] 20180228231417.goep262tukvegqxy@basil.wdw>
In-reply-to: <[🔎] 23191.12492.463569.110800@chiark.greenend.org.uk>
References: <[🔎] 20180228175414.GL2790@debian> <[🔎] 23191.12492.463569.110800@chiark.greenend.org.uk>

* Ian Jackson <ijackson@chiark.greenend.org.uk> [180228 17:45]:
> Georg Faerber writes ("FHS: Where to store user specific plugins / code"):
> > I'm maintaining schleuder in Debian [1], a "gpg-enabled mailing list
> > manager with resending-capabilities".
> > 
> > Currently, we allow users to run / execute their own plugins, stored in
> > /etc/schleuder/plugins. Obviously, that's not the right place, as /etc
> > is for config files, not executable code. We would like to fix this, but
> > are unsure which location to offer. The (empty) directory would be
> > provided by the package, but the (possible) content would be provided by
> > the user.
> > 
> > Therefore, I'm wondering what's the correct place: Would
> > /usr/local/lib/schleuder/plugins be sensible? If not, any other place
> > which is more suitable?
> 
> Do plugins do something which people might not want if present, and
> not configured ?  If so then perhaps you want a thing a bit like the
> apache mods-enabled scheme: a link farm.
> 
> If not, then if it's easy to do I would load all plugins in
>     /usr/local/lib/schleuder/plugins
>     /usr/lib/schleuder/plugins
> (former masking the latter with for with the same name)

If a user get to install his/her own plugins, they should go in the
user's home directory, e.g. /home/user/.config/scheduler/plugins/.
Non-root users should not generally be given write permission to
/usr/local, and definitely not to /usr/lib.

If the app takes care of installing the plugins on the user's behalf,
that is slightly different.  However, if the plugin can be selected by
the user from a non-trusted source, I would still go with the user's
directory.  Allowing a non-root user to put his own plugin where others
can execute it without being able (even required) to verify its
integrity is a huge security hole.

Ian's comments are good for admin-installed plugins that the users can
use.  In fact there is good precedent for an app checking
/usr/lib/pkg/... for plugins installed from Debian packages,
/usr/local/lib/pkg/... for plugins installed by the admin from
non-Debian locations, and then finally the user's .config/pkg/...
directory.

...Marvin

Reply to:

References:
- FHS: Where to store user specific plugins / code
  - From: Georg Faerber <georg@riseup.net>
- Re: FHS: Where to store user specific plugins / code
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: FHS: Where to store user specific plugins / code
Next by Date: Re: PGP Clean Room GSoC Co-Mentoring
Previous by thread: Re: FHS: Where to store user specific plugins / code
Next by thread: PGP Clean Room GSoC Co-Mentoring
Index(es):
- Date
- Thread