Subject: Re: SPECIAL_PERMS on files?
To: Johnny C. Lam <jlam@netbsd.org>
From: Hubert Feyrer <hubert.feyrer@informatik.fh-regensburg.de>
List: tech-pkg
Date: 07/04/2003 03:24:49
On Thu, 3 Jul 2003, Johnny C. Lam wrote:
> In the examples you've given above, the one for cups falls under the
> scenario I've given, where the binary package won't necessarily do the
> right thing (except by accident) because lppasswd needs to be owned by
> a user that may be created by the binary package during installation.

Right. I guess it's ok to use that for cups.

I could point out now that at least the tar that comes with 1.6.1 adjusts
file permissions to changed uids just fine (i.e. if you tar up something
that belongs to user foo with uid 17, it will still belong to user foo on
extraction, even if he has uid 42 then. Try it!), but let's leave this as
it is now.



> I think the kdebase[23] packages used to not necessarily set the
> correct mode permissions on their root-setuid binaries, so we forced
> them to be the correct mode permissions using SPECIAL_PERMS.  I'm not
> sure whether this has changed or not.

IIRC I was the one who made that change, and I'd say it's still ok to do
that in a post-install target or so, leaving permission handling to tar as
discussed. No need for SPECIAL_PERMS there.


> Although you can certainly just
> fix the permissions in a post-install target and rely on tar/pax to do
> the right thing, I personally prefer using SPECIAL_PERMS because you
> are told during post-installation that you are installing root-setuid
> binaries.

That sounds unnecessary to me.  We don't attribute for special permissions
otherwise, and if we know something has a security problem, we should fix
it instead.

As such, the whole SETUID_ROOT_PERMS handling looks highly suspicious to
me, and should be left as was. Worked fine, at least.


> For the other packages that list root-setuid binaries, the root user
> and group are typically well-known and fixed IDs, so they could be
> removed.  However, keeping these lines allows for setups where, e.g.
> ROOT_USER or ROOT_GROUP is redefined by the package builder.  I don't
> tout this as a common case, and I'm not going to object if you wish
> to remove these lines.

I don't really feel like cleaning this up.

And while pointing that out, I found that both SETUID_ROOT_PERMS and
SPECIAL_PERMS are documented nowhere. I agree that the state of pkgsrc
documentation is a bit distributed over packages.7 and Packages.txt, but
that's not an excuse not to document things at all.


 - Hubert

-- 
Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics -> http://www.onlamp.com/pub/a/onlamp/2001/05/24/ipv6_tutorial.html
* Setup  -> http://www.onlamp.com/pub/a/onlamp/2001/06/01/ipv6_tutorial.html
Of course with your #1 IPv6 ready operating system -> http://www.NetBSD.org/
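
Added example, not part of the original message or of pkgsrc: a Python sketch of the two points debated above, name-based owner mapping on extraction and reporting set-id files before a binary package is installed. The archive contents, the `bin/example-suid-root` path and the target passwd mapping are constructed for illustration; the foo/17/42 values mirror the message's own example.

```python
import io
import stat
import tarfile

# Constructed sample members: (path, mode, owner name, uid on the build host).
SAMPLE_MEMBERS = [
    ("bin/lppasswd", 0o4555, "foo", 17),           # setuid, owned by a package-created user
    ("bin/example-suid-root", 0o4555, "root", 0),  # hypothetical setuid-root binary
    ("bin/plain", 0o755, "root", 0),               # ordinary file, not reported
]

def build_sample_package():
    """Build a small ustar archive in memory, standing in for a binary package."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for path, mode, uname, uid in SAMPLE_MEMBERS:
            info = tarfile.TarInfo(path)
            info.mode, info.uname, info.uid = mode, uname, uid
            info.gname, info.gid = "wheel", 0
            tar.addfile(info)  # size 0, so no file data is needed
    return buf.getvalue()

def resolve_owner(member, passwd):
    """Owner uid on the target host: look up the recorded user name first,
    fall back to the recorded numeric uid if that name does not exist."""
    return passwd.get(member.uname, member.uid)

def audit_setid(archive_bytes, passwd):
    """List set-uid/set-gid regular files as
    (path, owner name, recorded uid, uid on target host, mode)."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar:
            if m.isfile() and m.mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((m.name, m.uname, m.uid,
                                 resolve_owner(m, passwd), oct(m.mode & 0o7777)))
    return findings

if __name__ == "__main__":
    # Constructed target host where user foo exists with a different uid.
    target_passwd = {"root": 0, "foo": 42}
    for row in audit_setid(build_sample_package(), target_passwd):
        print(row)
```

If the owning user does not exist on the target host when the archive is unpacked, the lookup falls back to the recorded numeric uid, which is the case the cups discussion above is concerned with.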