
Re: Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable



On Tue, 2020-08-04 at 23:50 +0200, Guillem Jover wrote:
> On Tue, 2020-08-04 at 13:56:45 -0700, Russ Allbery wrote:
> > Ansgar <ansgar@debian.org> writes:
> > > 10.9 Permissions and owners currently says
> > > > Files should be owned by root:root, and made writable only by the
> > > > owner and universally readable (and executable, if appropriate),
> > > > that is mode 644 or 755.
> > > However most files shouldn't be modified as modifications will just be
> > > lost (e.g. everything installed by the package manager that isn't
> > > handled as a conffile).  It also gives more permissions than the minimum
> > > needed.
> 
> I'm not sure why we need to protect the local sysadmin(s) from this? Also
> root can just write to any file regardless of the permissions.

The same reason that `rm -rf /` gives an error these days? :)

People modify files managed by dpkg from time to time and wonder why
these modifications suddenly disappear on upgrades.  Or some package
might assume a file is writable and use it, then data is lost on
upgrade.  (I'm fairly certain to remember bug reports about that for
files shipped in /var.)

Various files are read-only anyway (such as `/bin/bash` when a shell is
running).

> Countless
> times I've modified local files, for example, to fix an issue that is
> pending upload. And while that does not require write perms if done as
> root, both of the above would seem to counter this as a good reason
> for this change?

You can still do that if you really want to; editors will warn users if
they modify read-only files, even when they provide an override to
force writing the file.

> > The basic argument makes sense to me, but this is the sort of change where
> > we'll need to figure out a transition strategy coordinated across multiple
> > packages, since this behavior is encoded in a lot of places.

Probably mostly debhelper (dh_fixperms)?

> > Maybe it
> > would make sense for Guillem to weigh in first and indicate whether this
> > would be a problem on the dpkg side and if he sees any concerns.  Copying
> > debian-dpkg@lists for that.
> 
> Thanks! Was meaning to comment anyway. :)
> 
> This would break installations as non-root, as those users will not
> have enough privs to create the objects to extract. So that alone seems
> like a non-starter.

Why would non-root users not be able to create files with 444
permissions instead of 644?

Ansgar
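
Added example, not part of the original message: a Python sketch of the POSIX behaviour behind the closing question, showing that a file can be created with mode 444, written through the descriptor returned at creation, and later replaced by rename without ever being made writable. The `.dpkg-new` write-then-rename sequence is a simplified model of an unpack step, and `install_readonly` and `demo` are hypothetical names.

```python
import os
import stat
import tempfile


def install_readonly(path: str, data: bytes, mode: int = 0o444) -> None:
    """Write data to <path>.dpkg-new with a read-only mode, then rename it into place."""
    tmp = path + ".dpkg-new"
    # The creation mode only governs later open() calls. The descriptor
    # returned here is writable even though the file has no write bits.
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, mode)
    try:
        os.write(fd, data)
        os.fchmod(fd, mode)  # make the final mode independent of the umask
    finally:
        os.close(fd)
    # rename() needs write permission on the directory, not on the file
    # being replaced, so an existing 444 file is swapped without chmod.
    os.rename(tmp, path)


def demo() -> dict:
    """Install a file, simulate an upgrade, and report the resulting state."""
    with tempfile.TemporaryDirectory() as root:  # constructed scratch directory
        target = os.path.join(root, "example.txt")
        install_readonly(target, b"version 1\n")
        install_readonly(target, b"version 2\n")  # simulated upgrade
        mode = stat.S_IMODE(os.stat(target).st_mode)
        with open(target, "rb") as fh:
            content = fh.read()
        # An in-place edit is what the read-only mode is meant to discourage.
        try:
            with open(target, "ab"):
                direct_write_allowed = True
        except PermissionError:
            direct_write_allowed = False
        return {
            "mode": oct(mode),
            "content": content,
            "direct_write_allowed": direct_write_allowed,
            "euid": os.geteuid(),
        }


if __name__ == "__main__":
    print(demo())
```

Run as an unprivileged user, `direct_write_allowed` is False while the simulated upgrade still succeeds; run as root, the in-place open succeeds regardless of the mode, as noted earlier in the thread.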

