[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#568313: Suggestion: forbid the use of dpkg-statoverride in postinst scripts, except for --list

retitle 568313 Suggestion: forbid the use of dpkg-statoverride when uid and gid are static

You're right Russ. In that scenario, there would a be a short period of
time where the permissions would not be set correctly.

I still think that dpkg-statoverride should be forbidden in the case
where the uid and gid are static.

I still don't like the idea of using statoverride for the case where
uid or gid are dynamic, though. If the owner and permissions in the
package binary were set to sane defaults, then that would alleviate
security concerns for that window, but the permissions would still be
wrong. I don't know of another way around that. Using dpkg-statoverride
in postinst is a messy solution, but the only one I can think of that
keeps the permissions correct during that window when the uid or gid
are dynamic.


On Wed, 03 Feb 2010 15:49:39 -0800
Russ Allbery <rra@debian.org> wrote:

> Brandon <winterknight@nerdshack.com> writes:
> >> If you set the permissions with chown, aren't they overwritten
> >> every time the package is upgraded and then have to be reset again
> > No. You have to check for overrides first, and only chown/chmod if
> > there aren't any in place.  You have to do this regardless of which
> > method you use.
> Your second sentence doesn't, so far as I can tell, address my point,
> so maybe we're talking past each other.  I'm saying that I believe
> dpkg, when unpacking the package, will reset the ownership and
> permissions of any files contained in that package to match what's in
> the package, changing the effect of the chown in the postinst script,
> unless dpkg-statoverride was used.
> >> leaving windows on every upgrade when they have the wrong
> >> permissions?
> > I don't know what this means.
> If I'm correct about how this currently works, during an upgrade, a
> file that's been changed with chown will have its ownership revert to
> the ownership specified in the *.deb file during the unpack phase,
> and then will have to be changed back to the owner the maintainer
> desires in the postinst phase, just as would be the case for the
> initial install.
> If dpkg-statoverride is used instead, I believe that this only happens
> during the original install and upgrades then carry over the same
> ownership and permissions through the unpack phase.
> -- 
> Russ Allbery (rra@debian.org)
> <http://www.eyrie.org/~eagle/>

Attachment: signature.asc
Description: PGP signature

Reply to: