Re: Usage of dpkg under cygwin
On Sat, 2002-10-12 at 01:27, Claes Wallin wrote:
> Of course we need to take security seriously, but I'm not convinced
> that demanding unnecessary privileges or faking them does that. These
> files don't need to be owned by root or seem to be owned by root during
> the packaging process - we should be able to just tell tar to override
> the fs metadata. I realize that the current system works, but I reserve
> the right to call it a silly hack.
Yep, and requiring root ownership during package creation adds *nothing*
to security, because anyone with 30 mins to spare can create a tar that
allows arbitrary user ownership during creation.
Rob
Reply to: