Re: logcheck: Dangerous usage of /var/tmp ?

To: debian-dpkg@lists.debian.org
Subject: Re: logcheck: Dangerous usage of /var/tmp ?
From: Adam Heath <doogie@brainfood.com>
Date: Mon, 18 Aug 2003 12:29:28 -0500 (CDT)
Message-id: <[🔎] Pine.LNX.4.44.0308181225410.16456-100000@gradall.private.brainfood.com>

(sorry for the lack of thread headers; due to an issue with my connection, I
had my machine offline since thursday, and my mail bounced.  I'm commenting in
this thread, after reading the archives).

Note, that any dumb patch which changes the behavious for dpkg, with regard to
perms copied out of the deb, will not be applied.

Consider the case of /usr.  Almost all packages have that in their deb.  And
if just one package has odd perms on that dir, then very odd things could
occur, when it is unpacked.

A smart way to fix this, is to have dpkg check the +s bits on the target dir,
and if set, ensure the file/dir don't exist.

Also, it could be argued, that /var/tmp should exist in any deb.  It's
equivalent to /tmp.  Maybe this should be mentioned in policy.

Reply to:

Follow-Ups:
- Re: logcheck: Dangerous usage of /var/tmp ?
  - From: Joey Hess <joeyh@debian.org>
- Re: logcheck: Dangerous usage of /var/tmp ?
  - From: Adam Heath <doogie@debian.org>

Prev by Date: Bug#206063: base-files - please remove unused /usr/{dict,info}
Next by Date: Bug#206063: base-files - please remove unused /usr/{dict,info}
Previous by thread: Re: Bug#193161: logcheck: Dangerous usage of /var/tmp ?
Next by thread: Re: logcheck: Dangerous usage of /var/tmp ?
Index(es):
- Date
- Thread