[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFS: triggerhappy

Dies schrieb Benoît Knecht (benoit.knecht@fsfe.org):

> lintian -I --pedantic actually gives a few warnings:
>   I: triggerhappy source: debian-watch-file-is-missing
>   W: triggerhappy: description-starts-with-leading-spaces
>   I: triggerhappy: init.d-script-does-not-provide-itself /etc/init.d/triggerhappy
>   P: triggerhappy: no-upstream-changelog
>   I: triggerhappy: spelling-error-in-manpage usr/share/man/man1/thd.1.gz seperated separated
>   I: triggerhappy: spelling-error-in-manpage usr/share/man/man1/thd.1.gz appropiate appropriate
> I'm also wondering if "admin" is the right section for your package;
> "utils" maybe?

Yes, that is probably a better choice.

> Oh and one last thing (keep in mind I didn't look into your package very
> thoroughly, so forgive me if it's a silly question), I saw in your
> changelog that you introduced an option to drop root privileges; why
> aren't you using it by default? From a security point of view, it would
> of course be preferable, but maybe there's another reason not to do it?

Dropping root privileges (and become nobody) might be a good idea, but it depends
on what the daemon and its triggers are used for; if they are supposed to initiate
a shutdown or configure the network, the root privileges might be missing. It also
makes hotplugging more complicated, since the daemon cannot open new devices -
although the th-cmd client is now able open the device itself and pass the open fd
through the socket to the server, provided the client program runs as root, which
is probably the case when triggered by udev.

Thank you for your review, I'll see if I can squish some of those issues.

Reply to: