also sprach Christian Jaeger <christian.jaeger@sl.ethz.ch> [2002.01.22.0111 +0100]: > Now you may say "don't build packages as root, use fakeroot instead". > Well I have always used it, and somehow thought I'm safe, but I'm > not: the permissions modes (like 4755) make it through to the real > filesystem, only the owner/group is faked. Thus I'm left with > binaries setuid *me* or setgid *my group* afterwards. That's only > slightly better than root, since I'm also the admin and once my > account is hijacked it's not far from being root. why are your build directories accessible to the world? a simple chmod 0700 ~/deb/build fixes all these problems for me, and persistently... > It seems the only way around this (currently) is to compile packages > in a directory with 0700 permissions. and? what's so wrong with that? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck "it appears that pl/i (and its dialects) is, or will be, the most widely used higher level language for systems programming." -- j. sammet
Attachment:
pgp3mb9Whi_f7.pgp
Description: PGP signature