[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Dropping debpkg from devscripts (in trixie)


README for debpkg in devscripts says: "debpkg: A wrapper for dpkg used
by debi to allow convenient testing of packages.  For debpkg to work, it
needs to be made setuid root, and this needs to be performed by the
sysadmin -- it is not installed as setuid root by default.  (Note that
being able to run a setuid root debpkg is effectively the same as having
root access to the system, so this should be done with caution.)  Having
debpkg as a wrapper for dpkg can be a Good Thing (TM), as it decreases
the potential for damage by accidental wrong use of commands in
superuser mode (e.g., an inadvertent rm -rf * in the wrong directory is
disastrous as many can attest to)."

The "Wrapper script" section in README from devscripts goes into the
details and explains that you can invoke the wrappers with "sudo" or
"super" or, highly dangerous, make debpkg setuid.

debpkg uses a wrapper script written in C which makes devscripts
architecture any. If we drop debpkg, we can make devscripts architecture

IMO sudo (or equivalent) is superior to make debpkg setuid. Are there
use cases that cannot be covered by using sudo? If there are no
objections, my plan will be to remove debpkg from devscripts in trixie
(i.e. after the bookworm release).

Benjamin Drung
Debian & Ubuntu Developer

Reply to: