Subject: Re: pkg_delete "Executing" output
To: Jeremy C. Reed <reed@reedmedia.net>
From: grant beattie <grant@NetBSD.org>
List: tech-pkg
Date: 02/10/2005 17:47:52
--E13BgyNx05feLLmH
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Feb 09, 2005 at 10:44:29AM -0800, Jeremy C. Reed wrote:

> > The reason for this is one of security.  For almost all users, these
> > commands are run as the root user; the commands are taken from a file
> > in the filesystem hierarchy (which is not itself checksummed).  From a
> > security POV, I want to know what commands are being run, even if you
> > don't want to, because files can be modified, made to point to
> > additional scripts, etc.
>=20
> I am not sure how this could be useful for security. Having numerous
> "rmdir" lines scroll by makes it so nobody would want to read the output
> in the first place and it also hides any more interesting messages.

=2E. and there are hundreds, if not thousands, of operations per
pkg_add/pkg_delete that are done as root and we don't echo them all,
so the statement is self-inconsistent.

I agree it should be reverted and discussed, like any other proposed
change (and from the look of it, the vote seems to be for the way unix
has always been - "no news is good news", as someone said).

g.


--E13BgyNx05feLLmH
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)

iD8DBQFCCwOYluYOb9yiFXoRAl8NAJ4plvvn6j2/1xKu+tHQF+Bf+6PuQQCfdGuw
YAveKsN1wk7A7ug/kEUeOko=
=dEhR
-----END PGP SIGNATURE-----

--E13BgyNx05feLLmH--