[Pkg-mc-devel] Ready for upload?

Yury V. Zaytsev yury at shurup.com
Fri May 21 07:33:49 UTC 2010


On Thu, 2010-05-20 at 20:54 +0200, Denis Briand wrote:

> Hello :)
> Could you check this lintian warning before, please?
> W: mc: setgid-binary usr/lib/mc/cons.saver 2755 root/tty

Hi!

This is the way it should be: cons.saver has to be SGID tty to have
access to /dev/vcsaX in order to work correctly. 

Before, there was no warning, because I was trying to set SGID in
postinstall using dpkg-statoverride, but as people reported on the BTS,
this is not exactly a good idea, especially since I have to do arch
detection at install time.

Also, the sysadmin might wish to have his own overrides, and even if he
doesn't and I'm silently adding one without his knowledge and not
removing it unless he does a purge (for the reason that at uninstall
time I can't check whether this override was added by me or by the
sysadmin), this might even become a security issue.

This is of course not the end of the world, as many packages proceed in
the same way for various reasons (mediatomb, nagios3, etc.), but it's
always better to have a proper solution in place if there are no other
compelling reasons to stick to dpkg-statoverride.

Therefore, the suggested solution was to detect the arch at build time
and prevent dh_fixperms from normalizing the permissions for cons.saver,
so that it is shipped with the SGID flag in the package.

We can add a custom lintian override later on, but it will take quite a
bit of time as I have no clue how to do it, and I don't want many
people to install the flawed statoverride package in the meantime.

-- 
Sincerely yours,
Yury V. Zaytsev
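
Added example, not part of the original message or of the mc packaging: a small audit for the leftover-override concern raised above, listing stat overrides that grant setuid/setgid bits and marking those whose file is no longer on disk. It assumes input in the `owner group mode path` format printed by `dpkg-statoverride --list`; the function name `audit_overrides` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).
# Input: lines in `dpkg-statoverride --list` format: owner group mode path

# Constructed sample data; only the cons.saver entry comes from the thread.
SAMPLE_OVERRIDES='root tty 2755 /usr/lib/mc/cons.saver
root root 0755 /usr/bin/example-tool
root example 4754 /usr/lib/example/helper'

# audit_overrides [ROOT]
# Reads override lines on stdin and prints one line per override that sets
# the setuid (04000) or setgid (02000) bit:
#   <state> <mode> <owner>:<group> <path>
# state is "present" if the file exists under ROOT, otherwise "stale"
# (the override outlived the file it was registered for).
audit_overrides() {
    root=${1:-}
    while read -r owner group mode path; do
        # Skip blank or short lines and anything that is not an octal mode.
        [ -n "$path" ] || continue
        case $mode in *[!0-7]*) continue ;; esac
        # The leading 0 makes the shell parse the mode as octal.
        [ $(( 0$mode & 06000 )) -ne 0 ] || continue
        if [ -e "$root$path" ]; then state=present; else state=stale; fi
        printf '%s %s %s:%s %s\n' "$state" "$mode" "$owner" "$group" "$path"
    done
}

# On a live system: dpkg-statoverride --list | audit_overrides
printf '%s\n' "$SAMPLE_OVERRIDES" | audit_overrides /nonexistent-root
```

A "stale" set-id entry is the case described above: an override that stayed registered after the file it covered was removed.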