Bug#376438: debian-policy: [PROPOSAL] maintainer scripts must not be world writable

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#376438: debian-policy: [PROPOSAL] maintainer scripts must not be world writable
From: Kari Pahula <kaol@debian.org>
Date: Mon, 03 Jul 2006 02:29:25 +0300
Message-id: <[🔎] 20060702232925.29272.30682.reportbug@sammakko.yok.utu.fi>
Reply-to: Kari Pahula <kaol@debian.org>, 376438@bugs.debian.org

Package: debian-policy
Version: 3.7.2.1
Severity: wishlist

Policy section 6.1:
          These scripts are the files <prgn>preinst</prgn>,
          <prgn>postinst</prgn>, <prgn>prerm</prgn> and <prgn>postrm</prgn> in t
he
          control area of the package.  They must be proper executable
          files; if they are scripts (which is recommended), they must
          start with the usual <tt>#!</tt> convention.  They should be
          readable and executable by anyone, and not world-writable.

I think that "maintainer scripts should not be world-writable" is too
mild, given that this would allow users run arbitrary code with root
privileges.  I propose
s/not world-writable/must not be world-writable/

Reply to:

Prev by Date: Bug#208011: my destiny
Next by Date: Fwd: Job request
Previous by thread: Re: Bug#208011: my destiny
Next by thread: Fwd: Job request
Index(es):
- Date
- Thread