[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Usage of dpkg under cygwin

--- Robert Collins <robert.collins@syncretize.net> wrote:
> On Sat, 2002-10-12 at 04:06, Paul Baker wrote:
> > 
> > On Friday, October 11, 2002, at 10:27 AM, Claes Wallin wrote:
> > 
> > > Of course we need to take security seriously, but I'm not
> convinced
> > > that demanding unnecessary privileges or faking them does that.
> These
> > > files don't need to be owned by root or seem to be owned by root
> during
> > > the packaging process - we should be able to just tell tar to
> override
> > > the fs metadata. I realize that the current system works, but I
> reserve
> > > the right to call it a silly hack.
> > 
> > And tar does not let you override the fs metadata unless it thinks
> you 
> > are root. Making a custom version of tar that allowed anyone to do
> it 
> > would be a silly hack. Fakeroot is not a silly hack. Read the man
> page.
> I agree that allowing anyone to override such metadata would be a
> 'silly
> hack'. It's also a trivial one. The point is that checking for
> uid=500
> on cygwin *IS STILL BROKEN*. 

I am logging in as a normal user with local admin privs. I think even
if you log in as a normal user, 500 is the standard.

> Any NT shop that logs folk in as
> administrator is very far away from best practice. 
Sure, but that is not what I am doing. 

> Using Run As
> 'Administrator' is acceptable, but still not good. Using 'Run As'
> with
> another administrative account, one per admin, is best practice. 

That is only supported under Win2k.

> And
> that will NEVER have uid 500.
Are you sure? I will have to run some tests...

>  If you need to have a tar with root
> owned
> files, thats one thing. Any user in the Administrative users group
> can
> create root owned files, and that is what 'root user checks' should
> be
> checking for in this case.

I almost aggree. But also I should be able as a non-admin be able to
create an archive. Lets say you have a guest account to do you
compilations every night, but you dont want it to be admin.

The issue is that only the admin should be able to install system wide

The issue with the UIDS is really not very important under windows nt,
is it? Only the permissions of the files. But as soon as you take the
file out of the context of a ntfs filesystem, you lose the acls anyway.

If you tar up a directory under windows, I dont think the uids make
much differences. Once you put your .deb packages on a CDrom filesystem
for distibution, what permissions are left?


James Michael DuPont

Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More

Reply to: