
Re: List of file permissions in all packages?



Hi Holger,

On Monday 07 March 2011, Holger Levsen wrote:
> On Montag, 7. März 2011, Stefan Fritsch wrote:
> > According to #431821, piuparts can already list the files created
> > by a package. Is this information stored somewhere on
> > piuparts.d.o?
> 
> no. it's been thrown away after testing. there is an option ("-B")
> to keep this metadata though, but without looking at the
> code I'm not sure _when_ it saves the metadata, I believe after
> creating the basic chroot.

Not what I hoped for, but thanks anyway.

From reading the code, --list-installed-files would cause piuparts to 
print the file list in the log. And it has the modes/owners available 
at that time, but it would have to be modified to actually print them, 
too. 

> So I believe you would need to extend piuparts to save the metadata
> _after_ installing the package, which should be trivial. (Look at
> how the -B and -S options are implemented and then add another...)
> 
> And then you could/would need to run piuparts on the whole archive
> :)

A good start would be all packages which have a file in 
/etc/logrotate.d or depend on logrotate. But including all other 
packages with directories in /var/log would be interesting, too, which 
is not that easy: I just noticed that apt-file does not know about 
empty directories. And log directories tend to be empty in the package 
:-(

> P.S.: the logrotate issue I'm aware of from a QA perspective is
> #582630

It's that using logrotate on directories writable by non-root is not 
secure. There is a lengthy thread at [1] and SD's post [2] raises some 
valid points that this is not completely fixable in logrotate itself.

[1] http://seclists.org/oss-sec/2011/q1/375
[2] http://seclists.org/oss-sec/2011/q1/398

Cheers,
Stefan

PS: Please cc me, I am not subscribed.
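
Added example, not part of the original message and not piuparts or logrotate code: a local audit for the condition described above, which reads the log paths from logrotate stanzas and reports parent directories that a non-root user can write to. The sample config, the uid/gid rules and the function names are assumptions of this sketch; it checks only the immediate parent directory and does not follow `include` directives.

```python
import glob
import os
import shlex
import stat

# Constructed sample in logrotate.d syntax (not taken from a real package).
SAMPLE_CONF = """\
# example daemon
/var/log/exampled/*.log /var/log/exampled/debug.log {
    weekly
    rotate 4
}
"/var/log/rootonly.log" {
    monthly
}
"""

def log_paths(conf_text):
    """Yield the log path patterns that open each stanza."""
    depth = 0
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        # Only lines outside a { ... } body can name log files.
        if depth == 0 and line.startswith(("/", '"/')):
            yield from shlex.split(line.split("{")[0])
        depth += line.count("{") - line.count("}")

def risky_dirs(conf_text, stat_fn=os.stat):
    """Map each log directory writable by non-root to the reasons why."""
    findings = {}
    for pattern in log_paths(conf_text):
        parent = os.path.dirname(pattern)
        has_glob = any(c in parent for c in "*?[")
        for d in (glob.glob(parent) if has_glob else [parent]):
            try:
                st = stat_fn(d)
            except OSError:
                continue  # directory not present on this system
            reasons = []
            if st.st_uid != 0:
                reasons.append(f"owned by uid {st.st_uid}")
            if st.st_mode & stat.S_IWGRP and st.st_gid != 0:
                reasons.append(f"writable by gid {st.st_gid}")
            if st.st_mode & stat.S_IWOTH:
                reasons.append("world-writable")
            if reasons:
                findings[d] = reasons
    return findings

if __name__ == "__main__":
    for conf in filter(os.path.isfile, sorted(glob.glob("/etc/logrotate.d/*"))):
        with open(conf, errors="replace") as fh:
            for d, why in risky_dirs(fh.read()).items():
                print(f"{conf}: {d}: {', '.join(why)}")
```

Run as a script it scans /etc/logrotate.d on the local machine; `stat_fn` can be replaced to audit recorded metadata instead of the live filesystem.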

