[20207] in Kerberos_V5_Development
Re: Permissions for shared libraries in Kerberos
daemon@ATHENA.MIT.EDU (Russ Allbery)
Sat Nov 28 02:44:51 2020
From: Russ Allbery <eagle@eyrie.org>
To: Cy Schubert <Cy.Schubert@cschubert.com>
In-Reply-To: <202011280709.0AS79Aao034028@slippy.cwsent.com> (Cy Schubert's
message of "Fri, 27 Nov 2020 23:09:10 -0800")
Date: Fri, 27 Nov 2020 23:44:41 -0800
Message-ID: <87zh32gc2e.fsf@hope.eyrie.org>
MIME-Version: 1.0
Cc: krbdev@mit.edu, Ken Hornstein <kenh@cmf.nrl.navy.mil>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
Cy Schubert <Cy.Schubert@cschubert.com> writes:
> In other words some unsuspecting user might ./libkrb5.so and receive
> some strange error. As the FreeBSD package maintainer I'd revert the
> permissions back to 0644. Why? Some unsuspecting user will try something
> stupid and open a ticket. I avoid tickets.
> Expect the same from your downstream Linux distros.
Clearly not RPM-based distros, given the reported behavior of rpm, and
that's quite a lot of them!
Debian-derived distros already handle this via dh_fixperms, so it doesn't
matter what Kerberos does by default.
That does leave Arch and Gentoo (and probably others that aren't occuring
to me at the moment), but I suspect this won't be a big deal for them.
--
Russ Allbery (eagle@eyrie.org) <https://www.eyrie.org/~eagle/>
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
