
Re: logcheck: Dangerous usage of /var/tmp ?



Adam Heath wrote:
> Consider the case of /usr.  Almost all packages have that in their deb.  And
> if just one package has odd perms on that dir, then very odd things could
> occur, when it is unpacked.

This is the argument you gave last time, and I still hold that it would
be better to find out immediately that a broken package has made /usr
mode 400 than it would be to wait for a bug report from some poor user
who happens to install that package before any others and gets a broken
system two years down the road.

Of course /usr is a poor example; something like /etc/X11 is a much
better example.

> Also, it could be argued, that /var/tmp should exist in any deb.  It's
> equivalent to /tmp.  Maybe this should be mentioned in policy.

Agreed.

-- 
see shy jo
