
Re: How to handle multiple versions of binaries



On Sun, Dec 12, 1999 at 11:34:23PM -0800, ferret@phonewave.net wrote:
> Disclaimer: IATTIMS

[this is a new one to me! :]

[... cutting and compressing ...]

> I'm intending to make the server a separate package from the dataset(s),
> and to have a <package>-common package on the current assumption I'll have
> two separate servers for a while.
> 
> The init scripts will have an option to load any datasets found under
> certain users' home directories as well.
> 
> So what it looks like at this point:
> 
> Main configuration file in /etc/<package>.conf
> ELF binaries installed in /usr/lib/<package>/
> Wrapper script installed in /usr/bin/
> "default" dataset(s) installed in /usr/share/<package>/
> Init script checks in /usr/local/games/<package>/<foo>/ and optionally
> ~/<user>/.<package>/<foo>/ for valid datasets to load.

I would like to say that an init script that loads automatically from
~<user>/.package/foo/ scares me a bit. I don't think I have any documents to
back me up on this, but It Seems To Me That having a server boot script
depend upon data in users' home directories is Very Wrong.

I suppose one could argue that an administrator wouldn't install the package
unless the administrator was willing to accept this, especially if the
server isn't part of the critical function of the server. But, many people,
when installing Linux for the first time, take the approach of "Let's take it
ALL." (It took me four or five installs before I figured out this isn't
quite the best approach... :)

If the server is started as root, then there is the distinct possibility
that a buffer overflow or careless argument checking could cause commands to
be executed with root permission by being read at boot from the users' home
directories. (!!) If the server is started as a dedicated user, that isn't
as bad; it is likely to be a risk many admins wouldn't mind taking, if the
server provides enough functionality.


In summary, provide such a script if you wish, but please do not make it the
default startup script. Provide this script in the
/usr/share/doc/<package>/examples directory. (Tongue-in-cheek, no flames
needed, provided for humor only: I am not sure I would tell how to replace
the one provided in /etc/init.d -- if the admin doesn't know that, should
they be able to programmatically make such a blatant change? :)

Thanks :)

-- 
Seth Arnold | http://www.willamette.edu/~sarnold/
Hate spam? See http://maps.vix.com/rbl/ for help
Hi! I'm a .signature virus! Copy me into
your ~/.signature to help me spread!
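
The advice in the message above, sketched as dataset discovery for an init script (an added example, not part of the original post or of any package's code). The names ALLOW_USER_DATASETS, RUN_UID, dataset_dir_ok and list_datasets are hypothetical, and the symlink and write-permission checks are extra assumptions beyond what the post asks for.

```shell
#!/bin/sh
# Added example: dataset discovery for a hypothetical init script.
# Variable and function names are assumptions, not from any real package.

ALLOW_USER_DATASETS=${ALLOW_USER_DATASETS:-no}   # off unless the admin opts in
RUN_UID=${RUN_UID:-$(id -u)}                     # uid the server will run as

# Accept a dataset directory only if it is a real directory (not a symlink)
# and is neither group- nor world-writable. (Assumed extra hardening.)
dataset_dir_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print acceptable dataset directories, one per line.
# $1 = system dataset root; remaining args = per-user dataset roots.
list_datasets() {
    sys_root=$1; shift
    for d in "$sys_root"/*/; do
        d=${d%/}
        dataset_dir_ok "$d" && printf '%s\n' "$d"
    done
    # Data from home directories: only on explicit opt-in, and never when
    # the server would run as root.
    [ "$ALLOW_USER_DATASETS" = yes ] || return 0
    if [ "$RUN_UID" -eq 0 ]; then
        echo "refusing user datasets while running as root" >&2
        return 0
    fi
    for root in "$@"; do
        for d in "$root"/*/; do
            d=${d%/}
            dataset_dir_ok "$d" && printf '%s\n' "$d"
        done
    done
    return 0
}
```

With the default settings only the system dataset root is scanned; an admin who wants per-user datasets has to set the opt-in and start the server under a dedicated non-root uid.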