also sprach Christian Jaeger <christian.jaeger@sl.ethz.ch> [2002.01.22.0111 +0100]:
> Now you may say "don't build packages as root, use fakeroot instead".
> Well I have always used it, and somehow thought I'm safe, but I'm
> not: the permissions modes (like 4755) make it through to the real
> filesystem, only the owner/group is faked. Thus I'm left with
> binaries setuid *me* or setgid *my group* afterwards. That's only
> slightly better than root, since I'm also the admin and once my
> account is hijacked it's not far from being root.
why are your build directories accessible to the world? a simple
chmod 0700 ~/deb/build fixes all these problems for me, and
persistently...
> It seems the only way around this (currently) is to compile packages
> in a directory with 0700 permissions.
and? what's so wrong with that?
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
"it appears that pl/i (and its dialects) is, or will be, the most widely
used higher level language for systems programming."
-- j. sammet
Attachment:
pgp3mb9Whi_f7.pgp
Description: PGP signature