reassign 486829 harden severity 486829 serious thanks Hi, On Wed, Jun 18, 2008 at 03:21:17PM +0200, Ove Kaaven wrote: > Pascal A. Dupuis skrev: > >Package: wine > >Severity: normal > > > >Hello, > > > >the fourth line of /usr/bin/wine is > >ARCH="`dpkg --print-architecture`" > > > >The problem is that dpkg is installed mode 750, as stated in > >/var/lib/dpkg/statoverride: > >#0 #0 0750 /usr/bin/dpkg > > > >this results in normal users having troubles running wine on amd64, > > How would you define "normal users"? Up until now, *nobody* else has > ever had such a statoverride, and it seems like a ridiculous one. Where > does it come from? It's certainly not a "normal" configuration. > > And even in this configuration, why does it cause trouble? Even if ARCH > is unset, Wine should still start normally. > > >and > >getting error message on other architectures. Shouldn't other mechanisms > >be used to get the real arch ? > > It's the most robust approach so far. What else would you suggest? > > IMO, you should fix your system by removing this bogus statoverride and > take steps to ensure it doesn't come back, but if you don't want to, I'm > probably willing to accept a patch to work around broken permissions as > necessary. The bug submitter told us on #debian-fr this statoverride was due to the harden package. wine is not the only package to use dpkg for random useful harmless tasks. A user might also want to be able to perform dpkg -c on a .deb file or whatever; and dpkg -i will require root privileges regardless of its permissions. If this is indeed the default behaviour of harden to setup such a statoverride, I consider this a RC bug. Cheers, -- .''`. Aurélien GÉRÔME : :' : `. `'` Debian Developer `- Unix Sys & Net Admin
Attachment:
signature.asc
Description: Digital signature