
Bug#568313: Suggestion: forbid the use of dpkg-statoverride in postinst scripts, except for --list



also sprach martin f krafft <madduck@debian.org> [2010.02.04.1336 +1300]:
> In short, I am in favour of forbidding use of dpkg-statoverride by
> package maintainers, unless I missed something in the above.

Further information from IRC:

< madduck> sgran: feel free to slam me down on my latest
  reply to #568313 wrt the dynamic uids. ;)
< sgran> madduck: it fails for things like
  /var/run/<package> where <package> runs as a dynamically created
  user
< sgran> or similar things
< madduck> sgran: /var/run/<package> must not be shipped
< madduck> but /var/spool/postfix might be an example
< sgran> pick a better directory
< madduck> or /var/lib/squid
< sgran>  /var/lib/clamav
< madduck> basically /var/*/*
< sgran> etc
< madduck> yeah
< madduck> otoh, I don't see a risk, really…
< madduck> i mean, the permissions are in the package, so
  they won't be changed
< madduck> so all that is happening is that the new file is
  root.root instead of clamav.clamav
< madduck> but between unpacking and postinst, the daemon
  isn't running anyway…
< madduck> well, in most cases.
< sgran> unless of course there are multiple daemons that
  all need access to a directory or something
< madduck> so there's actually a window of tightening of
  security, not a window of elevated access
< sgran> unless of course the statoverride is to change
  perms to 0700 or something
< madduck> sgran: the risk is that one of those daemons
  won't be able to access files during that window. i think this is an
  acceptable downside of an upgrade, not?
< sgran> no
< sgran> why should an upgrade break a working system?
< madduck> sgran: then the directory should be in the .deb
  with 0700, no?
< sgran> have you suddenly become Md?
< madduck> not break, but briefly suspend services.
< madduck> of course, if this window causes breakage,
  that's a different story
< madduck> but i feel that's one that would have to be
  addressed in the daemon, no?
< sgran> I would guess that most daemons don't cope well
  with permissions/ownerships being changed out from under them
< sgran> and it's a silly thing to do, since we don't have
  to do it
< madduck> for the few seconds it takes between unpack and
  postinst, that's okay if it doesn't cause permanent damage, no?
< sgran> explain again why it's ok to do the wrong thing when it's easy to do the right thing?
< madduck> note how the proposal is about static uids
< madduck> and there it's quite simply the case that we don't need to do it.
< sgran> of course

I misunderstood the original intent and thought it was about static
uids/gids only. Helps to read the message again on the day of
replying.

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
 
god is real, unless declared integer.
                                          (dedicated to gabriel gómez)

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
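The proposal in the bug title (allow dpkg-statoverride in postinst only for --list) can be checked mechanically. The script below is an added example and is not part of the bug report or of any Debian tooling: it scans a maintainer script for dpkg-statoverride invocations and flags every one whose arguments do not include --list. The two postinst fragments it checks are constructed here for illustration (the /var/lib/clamav path and clamav user are taken from the IRC log above), not copied from a real package.

```shell
#!/bin/sh
# Added example, not code from the bug report. Lint a maintainer script for
# dpkg-statoverride calls that change permissions (anything but --list).
set -eu

# check_postinst FILE
# Prints one "forbidden: ..." line per offending invocation and returns 1 if
# any were found, 0 otherwise. Several invocations on one line are handled by
# splitting the line on the command name; a ";", "&", or "|" ends an
# invocation's argument list. Full-line comments are ignored.
check_postinst() {
    awk '
        BEGIN { bad = 0 }
        /^[[:space:]]*#/ { next }
        /dpkg-statoverride/ {
            n = split($0, parts, /dpkg-statoverride/)
            for (i = 2; i <= n; i++) {
                args = parts[i]
                sub(/[;&|].*/, "", args)
                if (args !~ /--list/) {
                    print "forbidden: dpkg-statoverride" args
                    bad = 1
                }
            }
        }
        END { exit bad }
    ' "$1"
}

# mk_samples BAD_FILE OK_FILE
# Writes two constructed postinst fragments (not from any real package).
mk_samples() {
    cat > "$1" <<'EOF'
#!/bin/sh
set -e
# dpkg-statoverride --add mentioned only in this comment is ignored
if ! dpkg-statoverride --list /var/lib/clamav >/dev/null 2>&1; then
    dpkg-statoverride --update --add clamav clamav 0755 /var/lib/clamav
fi
chown clamav:clamav /var/log/clamav
EOF
    cat > "$2" <<'EOF'
#!/bin/sh
set -e
dpkg-statoverride --list /var/lib/clamav || true
EOF
}

tmp=$(mktemp -d)
mk_samples "$tmp/postinst.bad" "$tmp/postinst.ok"
check_postinst "$tmp/postinst.bad" \
    || echo "postinst.bad: dpkg-statoverride is used to change permissions"
check_postinst "$tmp/postinst.ok" \
    && echo "postinst.ok: only --list, acceptable"
rm -rf "$tmp"
```

Run it against debian/postinst (or the unpacked control area of a .deb) before upload; an exit status of 1 means the script still relies on dpkg-statoverride to set ownership or mode, which under the proposal should instead be shipped in the package itself.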