Re: Proposal: dpkg change: scripts in /var/lib/dpkg/tmp.ci

["Matus \"fantomas\" Uhlar" <uhlar@fantomas.sk>]

-> > well, shouldn't be this considered ad ld.so bug?
-> 
-> maybe, if it is i doubt its anywhere near trivial to fix (but im not sure
-> of that).  (don't bother with chmod -x someone already tried that on
-> -devel awhile back, be prepared to have sash already running to fix your
-> broken system)

of course i don't wannt to -x ld.so

-> > of course I know about shell scripts. But i think the main difference is
-> > shell scripts shouldn't make harm as binaries can.
-> 
-> perl is about as powerful as any C program, good luck removing perl.  

not as powerful. And i can restrict it much easier then binaries.

-> IMO trying to prevent people from running binaries is a generally
-> losing battle.  its better to protect things more fundementally, use
-> quotas and resource limits, restrict suid binaries, use nosuid,nodev
-> on most filesystems etc.

of course, but if anyone can download any binary and execute it, the
security is much worse then if not.

the thing I asked for is - to change dpkg to put scripts in directory that
won't be removed after each installation. Is that so bad?

-- 
 Matus "fantomas" Uhlar, sysadmin at NEXTRA, Slovakia; IRCNET admin of *.sk
 uhlar@fantomas.sk ; http://www.fantomas.sk/ ; http://www.nextra.sk/
 I drive way too fast to worry about cholesterol.