Re: [RFR] templates://eviacam/{templates}
Christian PERRIER wrote:
> Rationale:
> --- eviacam.old/debian/templates 2016-02-15 19:53:17.828347882 +0100
> +++ eviacam/debian/templates 2016-02-22 07:12:12.633368880 +0100
> @@ -2,11 +2,11 @@
> Type: boolean
> Default: false
> _Description: Should eviacamloader be installed 'setuid root'?
This doesn't need to be a sentence, but then again
_Description: install eviacamloader 'setuid root'?
might be a bit baffling. I'll just introduce one systematic change:
use double quotes.
> - In order to enable users of the group 'eviacam' to run eviacam in
> - high priority (which improves responsiveness), the eviacamloader
> - program can be installed with the set-user-ID bit set, so that it
> + In order to enable users of the 'eviacam' group to run eviacam in
"Users of" a group is odd, especially since it doesn't mean users who
are *now* members of that group - at the moment the sysadmin reads
this there are no such users.
It's "at" a priority, not "in".
> + high priority (which improves responsiveness), the eviacamloader
> + program can be installed with the set-user-ID bit set, so that it
> will run with the permissions of the superuser.
Elevated privileges, not permissions,
> .
> - Such a setting requires that the sysadmin adds authorized users to the
Setting the setuid bit doesn't require this; making use of it does.
Also, given that "the sysadmin" means whoever's reading this, we don't
need to refer to them in the third person (or at all).
> - 'eviacam' group and may have security implications in the case of
> + Such a setting requires that the sysadmin adds authorized users to the
> + 'eviacam' group and may have security implications in the case of
> vulnerabilities in eviacamloader's code.
>
> Drop trailing spaces in all lines, as they trigger double spaces in
> the middle of debconf screens.
> No other change
My main problem with this is that I didn't realise what it meant until
I looked at the code. I was assuming eviacam did something involving
rtprio (in /etc/security/limits.conf), but no - it's just using a
"rwsr-x--- root:eviacam eviacamloader" so that it can run "nice -11".
I'd like to rephrase it as:
Installing eviacamloader with the set-user-ID bit set enables all
users who have been added to the group "eviacam" to launch eviacam
with a modified scheduling priority for better responsiveness.
.
Since this setting allows eviacamloader to be run with superuser
privileges, it may have security implications in the case of
vulnerabilities in eviacamloader's code.
> --- eviacam.old/debian/control 2016-02-15 19:53:17.828347882 +0100
> +++ eviacam/debian/control 2016-02-22 07:13:33.867229762 +0100
> @@ -21,6 +21,6 @@
> Recommends: wx3.0-i18n
> Description: webcam based mouse emulator
> Enable Viacam (aka eViacam) is a mouse replacement program that moves
> - the pointer as you move your head. It works on a standard computer
> + the pointer with head movements. It works on a standard computer
> equipped with a web camera. No additional hardware is required. Based
> on the award winning Facial Mouse software.
>
> "unpersonnalize". There's probably a better proposal than mine...:-)
How about:
the pointer tracking the user's head movements.
Saying "web camera" makes it sound as if it's talking about a proper
old-style webcam, which meant a CCTV camera streaming its output to
the Internet, rather than just a laptop camera pointing at the user.
Oh well, we've got the term "webcam" in the synopsis.
The last line is verging on an un-English use of "software", but I
wouldn't have noticed if I wasn't looking for problems.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Template: eviacamloader/eviacamloader_setuid
Type: boolean
Default: false
_Description: Should eviacamloader be installed "setuid root"?
Installing eviacamloader with the set-user-ID bit set enables all
users who have been added to the group "eviacam" to launch eviacam
with a modified scheduling priority for better responsiveness.
.
Since this setting allows eviacamloader to be run with superuser
privileges, it may have security implications in the case of
vulnerabilities in eviacamloader's code.
Source: eviacam
Section: x11
Priority: optional
Maintainer: Cesar Mauri <cesar@crea-si.com>
Build-Depends: debhelper (>= 9),
dh-autoreconf,
libgtk2.0-dev,
libopencv-dev (>= 2.0),
libpng12-dev,
libv4l-dev,
libwxgtk3.0-dev,
libxext-dev,
libxtst-dev,
po-debconf
Standards-Version: 3.9.6
Homepage: http://viacam.org
Package: eviacam
Architecture: any
Depends: ${misc:Depends}, ${shlibs:Depends}, opencv-data
Recommends: wx3.0-i18n
Description: webcam based mouse emulator
Enable Viacam (aka eViacam) is a mouse replacement program that moves
the pointer tracking the user's head movements. It works on a standard
computer equipped with a web camera. No additional hardware is required.
Based on the award winning Facial Mouse software.
diff -ru eviacam-2.0.3.pristine/debian/control eviacam-2.0.3/debian/control
--- eviacam-2.0.3.pristine/debian/control 2016-02-06 12:23:25.000000000 +0000
+++ eviacam-2.0.3/debian/control 2016-02-22 09:27:44.158278498 +0000
@@ -21,6 +21,6 @@
Recommends: wx3.0-i18n
Description: webcam based mouse emulator
Enable Viacam (aka eViacam) is a mouse replacement program that moves
- the pointer as you move your head. It works on a standard computer
- equipped with a web camera. No additional hardware is required. Based
- on the award winning Facial Mouse software.
+ the pointer tracking the user's head movements. It works on a standard
+ computer equipped with a web camera. No additional hardware is required.
+ Based on the award winning Facial Mouse software.
diff -ru eviacam-2.0.3.pristine/debian/templates eviacam-2.0.3/debian/templates
--- eviacam-2.0.3.pristine/debian/templates 2015-09-24 14:42:36.000000000 +0100
+++ eviacam-2.0.3/debian/templates 2016-02-22 09:41:48.369275278 +0000
@@ -1,12 +1,11 @@
Template: eviacamloader/eviacamloader_setuid
Type: boolean
Default: false
-_Description: Should eviacamloader be installed 'setuid root'?
- In order to enable users of the group 'eviacam' to run eviacam in
- high priority (which improves responsiveness), the eviacamloader
- program can be installed with the set-user-ID bit set, so that it
- will run with the permissions of the superuser.
+_Description: Should eviacamloader be installed "setuid root"?
+ Installing eviacamloader with the set-user-ID bit set enables all
+ users who have been added to the group "eviacam" to launch eviacam
+ with a modified scheduling priority for better responsiveness.
.
- Such a setting requires that the sysadmin adds authorized users to the
- 'eviacam' group and may have security implications in the case of
+ Since this setting allows eviacamloader to be run with superuser
+ privileges, it may have security implications in the case of
vulnerabilities in eviacamloader's code.
Reply to: