[pkg-wine-party] Bug#486829: Bug#486829: wine: uses dpkg, which is mode 750
Aurélien GÉRÔME
ag at debian.org
Thu Jun 19 16:42:32 UTC 2008
reassign 486829 harden
severity 486829 serious
thanks
Hi,
On Wed, Jun 18, 2008 at 03:21:17PM +0200, Ove Kaaven wrote:
> Pascal A. Dupuis skrev:
> >Package: wine
> >Severity: normal
> >
> >Hello,
> >
> >the fourth line of /usr/bin/wine is
> >ARCH="`dpkg --print-architecture`"
> >
> >The problem is that dpkg is installed mode 750, as stated in
> >/var/lib/dpkg/statoverride:
> >#0 #0 0750 /usr/bin/dpkg
> >
> >this results in normal users having troubles running wine on amd64,
>
> How would you define "normal users"? Up until now, *nobody* else has
> ever had such a statoverride, and it seems like a ridiculous one. Where
> does it come from? It's certainly not a "normal" configuration.
>
> And even in this configuration, why does it cause trouble? Even if ARCH
> is unset, Wine should still start normally.
>
> >and
> >getting error message on other architectures. Shouldn't other mechanisms
> >be used to get the real arch ?
>
> It's the most robust approach so far. What else would you suggest?
>
> IMO, you should fix your system by removing this bogus statoverride and
> take steps to ensure it doesn't come back, but if you don't want to, I'm
> probably willing to accept a patch to work around broken permissions as
> necessary.
The bug submitter told us on #debian-fr this statoverride was due
to the harden package. wine is not the only package to use dpkg for
random useful harmless tasks. A user might also want to be able to
perform dpkg -c on a .deb file or whatever; and dpkg -i will require
root privileges regardless of its permissions.
If this is indeed the default behaviour of harden to setup such a
statoverride, I consider this a RC bug.
Cheers,
--
.''`. Aurélien GÉRÔME
: :' :
`. `'` Debian Developer
`- Unix Sys & Net Admin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-wine-party/attachments/20080619/8e89a364/attachment.pgp
More information about the pkg-wine-party
mailing list