
Re: Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]



]] Robie Basak 

> On Thu, Nov 10, 2022 at 05:37:53PM +0100, Tollef Fog Heen wrote:
> > I think it's more wide than that: If you change UID, you need to
> > sanitise the environment.  Your HOME is likely to be wrong.  PATH might
> > very well be pointing at directories which are not appropriate for the
> > user you're changing the UID to, etc.
> 
> I don't think that this is necessarily obviously the case in general.
> For example, I often use "sudo -s" and *don't* want HOME reset. It
> depends on the purpose of taking different privileges as to what is
> appropriate to reset.

I don't think we're disagreeing here.

> > I'm not sure this is libpam-tmpdir specific, but rather a bit more
> > general: what are the expectations that maintainer scripts can have
> > about the environment they're running in, and how do we make those
> > expectations hold?  This should probably then be documented in policy.
> 
> Agreed, but also, we need a specific answer for TMPDIR. We pass things
> into maintainer scripts because we want to change their behaviour (eg.
> DEBIAN_FRONTEND). So which specific variables are required to be reset
> by maintainer scripts and under what circumstances?

In the specific case of changing users, I'd say any that might influence
the behaviour of what you're executing, whether it's PATH, TMP, TMPDIR,
XDG_DATA_DIRS, PERL5LIB or something else.  I can see arguments both for
and against dpkg ensuring that maintainer scripts run with a sanitised
environment.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
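
Added example, not part of the message above and not code from dpkg or any package: one way a maintainer script could sanitise its environment before changing user, so that TMPDIR, PERL5LIB and similar variables inherited from root's session do not reach the child. The allowlist, the fixed PATH, the function names and the choice of runuser are assumptions made for illustration.

```shell
#!/bin/sh
# Variables deliberately passed through to the child (assumed allowlist).
# Everything else, including TMP, TMPDIR, XDG_DATA_DIRS and PERL5LIB, is dropped.
KEEP_VARS="DEBIAN_FRONTEND LANG LC_ALL TERM"

# clean_env_run HOME_DIR CMD [ARGS...]
# Runs CMD under `env -i` with a fixed PATH, the given HOME and only those
# allowlisted variables that are set in the caller's environment.
clean_env_run() {
    ce_home=$1
    shift
    for ce_var in $KEEP_VARS; do
        # Pass a variable only if the caller has it set (it may be empty).
        if eval "[ \"\${$ce_var+set}\" = set ]"; then
            eval "ce_val=\$$ce_var"
            set -- "$ce_var=$ce_val" "$@"
        fi
    done
    env -i PATH=/usr/sbin:/usr/bin:/sbin:/bin HOME="$ce_home" "$@"
}

# run_as USER CMD [ARGS...]
# Looks up USER's home directory and runs CMD as USER with the cleaned
# environment. Needs root; the environment is cleaned before the UID change.
run_as() {
    ra_user=$1
    shift
    ra_home=$(getent passwd "$ra_user" | cut -d: -f6)
    [ -n "$ra_home" ] || { echo "unknown user: $ra_user" >&2; return 1; }
    clean_env_run "$ra_home" runuser -u "$ra_user" -- "$@"
}

# Usage in a postinst (account name and command are placeholders):
#   run_as mysql /usr/bin/some-tool --option
```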

