[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Well I'm back in business.



On Wed, May 09, 2007 at 03:39:20AM +0200, pizzapie_linuxanchovies wrote:
> 
> Well I'm back in business.  I restored my dpkg permissions back to normal 
> with this:
> sudo dpkg -i /var/cache/apt/archives/dpkg_1.10.28_i386.deb
> 
> Also, I figured out that the culprit that removed others' execute 
> permission on dpkg was indeed the bastille security package (at least the 
> current Sarge version of bastille).  This happens when you say yes to one 
> of bastille's first questions in interactive mode, which asks something 
> like "Do you want to set more restrictive permissions on certain admin 
> tools?".  Strangely, even if you change this answer back to no, or purge 
> bastille from your system, dpkg still keeps the more restrictive 
> permissions.  I am thinking of filing my 1st bug report ever for this, if 
> there isn't one already.
> 
> 
Bastille has some "issues".  I used a long time ago and found that it
caused breakage in subtle ways that were difficult to pin down.  It
appears you have had a similar experience :-)

I would recommend running Bastille once or twice in interactive mode,
but only to read the help texts.  Don't have it do anything.  Much of
what Bastille wants to do, you can do manually.  The advantage to doing
it manually is that you are aware of what you are doing, where it is
sometimes obscured if you automate it with Bastille.  Additionally, I
spoke with the maintainer a long time ago about integration with
dpkg-statoverride (which would allow a more "correct" changing of
permissions, among other things).

Bastille is a neat idea, but there are lots of pitfalls.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature


Reply to: