Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable

To: submit@bugs.debian.org
Subject: Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
From: Ansgar <ansgar@debian.org>
Date: Tue, 04 Aug 2020 14:15:59 +0200
Message-id: <[🔎] 31584ab578b29ec6a313d645729a95286f2f3f3f.camel@43-1.org>
Reply-to: Ansgar <ansgar@debian.org>, 967857@bugs.debian.org

Package: debian-policy

Hi,

10.9 Permissions and owners currently says

| Files should be owned by root:root, and made writable only by the
| owner and universally readable (and executable, if appropriate),
| that is mode 644 or 755."

However most files shouldn't be modified as modifications will just be
lost (e.g. everything installed by the package manager that isn't
handled as a conffile).  It also gives more permissions than the
minimum needed.

I think static files should not be writable instead, so every file
under /usr (and /bin, /sbin, /lib*; or everything dpkg installs that is
not a conffile) should have 444 (or 555).

Ansgar

Reply to:

Follow-Ups:
- Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
  - From: Russ Allbery <rra@debian.org>
- Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
  - From: Bill Allombert <ballombe@debian.org>

Prev by Date: Bug#967428: debian-policy: Abstract of Debian Manifesto (doc ID debian-manifesto) should not use verbatim
Next by Date: Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
Previous by thread: Bug#967428: marked as done (debian-policy: Abstract of Debian Manifesto (doc ID debian-manifesto) should not use verbatim)
Next by thread: Bug#967857: debian-policy: [Files/Permissions and owners] files installed by package manager should not be writable
Index(es):
- Date
- Thread