Re: Adding file permissions to /var/lib/dpkg/*.list

On 05/05/07, Sam Morris <sam@robots.org.uk> wrote:
> If he had relaxed permissions, then in the intervening time an attacker
> could have altered files and so on, in which case he's hosed anyway.

That's not the situation I'm proposing. I'm talking about a situation
in which you can be certain of no compromise. In the current situation
there is no method for "self recovery".

> Anyway, I think that there are too many files that dpkg just does not
> know about for this to be useful at the present time. If packages could
> register files that they create with dpkg (basically a standard interface
> for appending to $dpkg_dir/package.list) then it would be more useful.

I don't know if dpkg doesn't track enough files. It would be nice to
hear about this from someone who does. I would expect whatever
file is installed on the system by dpkg to be registered in the
package's file list. Adding extra information like four octal
permission digits followed by uid and gid numbers would be simple
enough to not break anything.

I just think it doesn't hurt to add this information to the file list.
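
[Added example, not part of the original message and not dpkg code.] A sketch of how a file list carrying the proposed metadata could be checked against the filesystem. The line layout "<path> <mode> <uid> <gid>", the function names and the root parameter are assumptions made for illustration; lines holding only a path (today's format) are skipped.

```python
import os
import re
import stat
import tempfile

# Assumed layout: "<path> <4 octal digits> <uid> <gid>". Paths may contain
# spaces, so the three metadata fields are matched from the end of the line.
ENTRY = re.compile(r"^(.*) ([0-7]{4}) ([0-9]+) ([0-9]+)$")

def parse_list_line(line):
    """Return (path, mode, uid, gid); metadata is None for path-only lines."""
    line = line.rstrip("\n")
    m = ENTRY.match(line)
    if not m:
        return line, None, None, None
    return m.group(1), int(m.group(2), 8), int(m.group(3)), int(m.group(4))

def check_entries(lines, root="/"):
    """Compare recorded mode/owner with the filesystem under root."""
    problems = []
    for line in lines:
        path, mode, uid, gid = parse_list_line(line)
        if mode is None:
            continue  # old-style entry: nothing recorded to compare
        try:
            st = os.lstat(os.path.join(root, path.lstrip("/")))
        except FileNotFoundError:
            problems.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            continue  # permission bits of a symlink are not meaningful
        actual = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky
        if actual != mode:
            problems.append((path, f"mode {actual:04o}, recorded {mode:04o}"))
        if (st.st_uid, st.st_gid) != (uid, gid):
            problems.append((path, f"owner {st.st_uid}:{st.st_gid}, recorded {uid}:{gid}"))
    return problems

def demo():
    """Constructed sample: a scratch tree with one drifted and one missing file."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        tool = os.path.join(root, "usr/bin/tool")
        open(tool, "w").close()
        os.chmod(tool, 0o777)  # permissions relaxed after "installation"
        st = os.lstat(tool)
        owner = f"{st.st_uid} {st.st_gid}"
        sample = [f"/usr/bin/tool 0755 {owner}",
                  "/usr/share/doc/tool/README",  # path-only line, skipped
                  f"/usr/bin/gone 0755 {owner}"]
        return check_entries(sample, root)

if __name__ == "__main__":
    for path, problem in demo():
        print(f"{path}: {problem}")
```

A recorded list of this kind only helps recovery if the list itself is trusted, which is the "certain of no compromise" case the message describes.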

