retitle 568313 Suggestion: forbid the use of dpkg-statoverride when uid and gid are static thanks You're right Russ. In that scenario, there would a be a short period of time where the permissions would not be set correctly. I still think that dpkg-statoverride should be forbidden in the case where the uid and gid are static. I still don't like the idea of using statoverride for the case where uid or gid are dynamic, though. If the owner and permissions in the package binary were set to sane defaults, then that would alleviate security concerns for that window, but the permissions would still be wrong. I don't know of another way around that. Using dpkg-statoverride in postinst is a messy solution, but the only one I can think of that keeps the permissions correct during that window when the uid or gid are dynamic. -Brandon On Wed, 03 Feb 2010 15:49:39 -0800 Russ Allbery <rra@debian.org> wrote: > Brandon <winterknight@nerdshack.com> writes: > > >> If you set the permissions with chown, aren't they overwritten > >> every time the package is upgraded and then have to be reset again > > > No. You have to check for overrides first, and only chown/chmod if > > there aren't any in place. You have to do this regardless of which > > method you use. > > Your second sentence doesn't, so far as I can tell, address my point, > so maybe we're talking past each other. I'm saying that I believe > dpkg, when unpacking the package, will reset the ownership and > permissions of any files contained in that package to match what's in > the package, changing the effect of the chown in the postinst script, > unless dpkg-statoverride was used. > > >> leaving windows on every upgrade when they have the wrong > >> permissions? > > > I don't know what this means. > > If I'm correct about how this currently works, during an upgrade, a > file that's been changed with chown will have its ownership revert to > the ownership specified in the *.deb file during the unpack phase, > and then will have to be changed back to the owner the maintainer > desires in the postinst phase, just as would be the case for the > initial install. > > If dpkg-statoverride is used instead, I believe that this only happens > during the original install and upgrades then carry over the same > ownership and permissions through the unpack phase. > > -- > Russ Allbery (rra@debian.org) > <http://www.eyrie.org/~eagle/>
Attachment:
signature.asc
Description: PGP signature