Re: List of file permissions in all packges?
Hi Holger,
On Monday 07 March 2011, Holger Levsen wrote:
> On Montag, 7. März 2011, Stefan Fritsch wrote:
> > According to #431821, piuparts can already list the files created
> > by a package. Is this information stored somewhere on
> > puiparts.d.o?
>
> no. it's been thrown away after testing. there is an option ("-B")
> though to keep this metadata though, but without looking at the
> code I'm not sure _when_ it saves the metadata, I believe after
> creating the basic chroot.
Not what I hoped for, but thanks anyway.
From reading the code, --list-installed-files would cause piuparts to
print the file list in the log. And it has the modes/owners available
at that time, but it would have to be modified to actually print them,
too.
> So I believe you would need to extend piuparts to save the metadata
> _after_ installing the package, which should be trivial. (Look at
> how the -B and -S options are implemented and then add another...)
>
> And then you could/would need to run piuparts on the whole archive
> :)
A good start would be all packages which have a file in
/etc/logrotate.d or depend on logrotate. But including all other
pacakges with directories in /var/log would be interesting, too, which
is not that easy: I just noticed that apt-file does not know about
empty directories. And log directories tend to be empty in the package
:-(
> P.S.: the logrotate issue I'm aware of from a QA perspective is
> #582630
It's that using logrotate on directories writable by non-root is not
secure. There is a lengthy thread at [1] and SD's post [2] raises some
valid points that this is not completely fixable in logrotate itself.
[1] http://seclists.org/oss-sec/2011/q1/375
[2] http://seclists.org/oss-sec/2011/q1/398
Cheers,
Stefan
PS: Please cc me, I am not subscribed.
Reply to: