[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Semantics of config/chroot_local-includes and config/binary_local-includes changed

[Starting a new thread to make it obvious]

Hi all,

Starting with the current Git HEAD (and whichever live-helper version follows
1.0.1-1), the semantics of the chroot_ and binary_ local-includes directories
will change.

Files that are copied from this directory to the target system will now
always be owned by root:root, instead of the uid/gid pair they had in their
respective config/ directories.

This is partly to ensure consistency in creating images, but also to avoid
potential security issues resulting from system files or directories being
writable by the live user. For more information, please see the "Default
user now UID 1000 instead of 999?" thread.

This change may cause problems for users who are relying on the target uid
and gid of the files in the build system's config/*_local-includes being
the same on the live image. For these users, hooks may be required to set
specific file owners. Users wishing to pre-populate /home/$USER should
migrate to using /etc/skel if possible.

(None of this affects official images, which naturally do not use local
chroot or binary includes.)


     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org

Attachment: signature.asc
Description: PGP signature

Reply to: