Bug#702032: RFS: authprogs/0.1-1 [ITP #616126]
On Sat, Apr 13, 2013 at 1:38 PM, Alex Mestiashvili wrote:
> the one which I decided to place in /etc/default defines loglevel and
> location of authprogs.conf
> and I think that /etc/defaults is a good place for it.
> and second which can be in /etc/authprogs.conf or
> /etc/authprogs/authprogs.conf
> which actually defines what can be executed via ssh.
> Placing by default authprogs.conf (if not defined other location in
> /etc/defaults/authprogs) to the users directory gives permission to
> setup authprogs even without having root privileges.
> The problem with this approach is that if a user has no admin rights then
> he can't change the loglevel.
Hmm, ok.
> I decided not to provide a manual page so far.
Useful manual pages are a good thing to provide.
> yes, it's done on purpose, because the package will change and it's not
> yet ready for the unstable/experimental
> or is it a wrong approach?
Ok, if it isn't even yet ready for experimental that seems fine.
>> /tmp/authprogs.log is a very bad place for a log file.
>
> why /tmp? if not defined in /etc/default/authprogs then it is
> $ENV{HOME}/.ssh/authprogs.log
Firstly, FHS reasons. /var/log is defined as the place for system-wide
log files on Linux machines.
Secondly, security. Any user can write to /tmp so by using it as a
place for log files you open yourself up to /tmp symlink
vulnerabilities.
It would be much better to avoid /tmp except for truly temporary files
created using the correct tmpfile creation APIs present in the
language being used.
> I have the book, but I didn't know that there is a module for the book!
> (Perl::Critic)
> I created 2 patches fixing potentially "bad practice" code for severity
> 5 and 4.
Great, I didn't think they would be useful at all to be honest.
--
bye,
pabs
http://wiki.debian.org/PaulWise
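
The /tmp symlink concern and the temp-file API advice in the message above, as an added Perl example (not authprogs code and not part of the original message). The helper name `open_log_safely` and the file names are hypothetical, and a POSIX system that provides `O_NOFOLLOW` is assumed.

```perl
#!/usr/bin/perl
# Added example, not authprogs code. open_log_safely is a hypothetical helper.
use strict;
use warnings;
use Fcntl qw(:DEFAULT :mode);          # O_* flags and S_ISREG
use File::Temp qw(tempdir tempfile);

# Open $path for appending without following a symlink at the final path
# component. Returns ($fh, undef) on success or (undef, $reason) on refusal.
sub open_log_safely {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600)
        or return (undef, "open failed: $!");
    my @st = stat($fh);                # stat the handle, not the name
    return (undef, "not a regular file")       unless S_ISREG($st[2]);
    return (undef, "not owned by current uid") unless $st[4] == $>;
    return ($fh, undef);
}

# Constructed scenario in a private directory (tempdir creates it mode 0700).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/victim";
open(my $v, '>', $victim) or die "create $victim: $!";
print {$v} "important\n";
close($v);

# A symlink planted where the program expects its log file.
my $planted = "$dir/planted.log";
symlink($victim, $planted) or die "symlink: $!";
my ($fh, $err) = open_log_safely($planted);
print "planted symlink: ", ($fh ? "opened" : "refused ($err)"), "\n";
print "victim size: ", (-s $victim), " bytes\n";

# A normal log path is created with mode 0600 and appended to.
($fh, $err) = open_log_safely("$dir/authprogs.log");
die "log: $err\n" unless $fh;
print {$fh} scalar(localtime), " example entry\n";
close($fh);

# Truly temporary data: File::Temp chooses the name and creates it exclusively.
my ($tfh, $tname) = tempfile('authprogs-XXXXXX', TMPDIR => 1, UNLINK => 1);
print {$tfh} "scratch\n";
close($tfh);
print "scratch file: $tname\n";
```

`O_NOFOLLOW` only covers the last path component, so the log directory itself still has to be one that other users cannot write to.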