[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: logcheck: Dangerous usage of /var/tmp ?

(sorry for the lack of thread headers; due to an issue with my connection, I
had my machine offline since thursday, and my mail bounced.  I'm commenting in
this thread, after reading the archives).

Note, that any dumb patch which changes the behavious for dpkg, with regard to
perms copied out of the deb, will not be applied.

Consider the case of /usr.  Almost all packages have that in their deb.  And
if just one package has odd perms on that dir, then very odd things could
occur, when it is unpacked.

A smart way to fix this, is to have dpkg check the +s bits on the target dir,
and if set, ensure the file/dir don't exist.

Also, it could be argued, that /var/tmp should exist in any deb.  It's
equivalent to /tmp.  Maybe this should be mentioned in policy.

Reply to: