[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: pkgsrc/mk
On Wed, Nov 04, 2009 at 04:01:36PM +0100, Joerg Sonnenberger wrote:
> On Wed, Nov 04, 2009 at 02:54:48PM +0000, Alistair Crooks wrote:
> > On Wed, Nov 04, 2009 at 03:50:10PM +0100, Joerg Sonnenberger wrote:
> > > On Wed, Nov 04, 2009 at 02:45:30PM +0000, Alistair Crooks wrote:
> > > > No, there are some instances when that won't work, but they are
> > > > corner cases. The Solaris support was written on a network with
> > > > NIS+, and your assumption above does not always hold for that.
> > >
> > > That will fail for a number of packages already, e.g. as soon as
> > > root has to modify anything in WRKDIR. That is more common than one
> > > would expect.
> > With your change, yes, that would be the case.
> No, I mean with or without this change. If root doesn't have write
> access to 644 files or 755 directories, a number of (important) packages
> would have failed in such a setup already. Those that set
> PRIVILEGED_STAGES=clean are the most noticable example, but many others
> fall into this categorie as well. Or does Solaris in such an example
> disallow access to 700, but creation or modifications of files?
It's a bit hazy right now, but when I added the just-in-time su,
privileges were elevated for as short a time as possible. My memory
is that all files were created as the ordinary user, and root just
installed those files in the destination directory. This pre-dates
buildlink, though, so things may well have changed.
Main Index |
Thread Index |