[20210] in Kerberos_V5_Development
Re: Permissions for shared libraries in Kerberos
daemon@ATHENA.MIT.EDU (Cy Schubert)
Sun Nov 29 00:09:38 2020
Message-ID: <202011281543.0ASFhLu4038164@slippy.cwsent.com>
From: Cy Schubert <Cy.Schubert@cschubert.com>
To: Russ Allbery <eagle@eyrie.org>
In-Reply-To: <87zh32gc2e.fsf@hope.eyrie.org>
MIME-Version: 1.0
Date: Sat, 28 Nov 2020 07:43:21 -0800
Cc: Cy Schubert <cy.schubert@cschubert.com>, krbdev@mit.edu,
Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: Cy Schubert <Cy.Schubert@cschubert.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
In message <87zh32gc2e.fsf@hope.eyrie.org>, Russ Allbery writes:
> Cy Schubert <Cy.Schubert@cschubert.com> writes:
>
> > In other words some unsuspecting user might ./libkrb5.so and receive
> > some strange error. As the FreeBSD package maintainer I'd revert the
> > permissions back to 0644. Why? Some unsuspecting user will try something
> > stupid and open a ticket. I avoid tickets.
>
> > Expect the same from your downstream Linux distros.
>
> Clearly not RPM-based distros, given the reported behavior of rpm, and
> that's quite a lot of them!
>
> Debian-derived distros already handle this via dh_fixperms, so it doesn't
> matter what Kerberos does by default.
I can do the same in each FreeBSD port's pkg-plist file. You could do what
you want.
Ports that use $(INSTALL), defaulting to /usr/bin/install, use 0644 by
default. But upstream software, e.g. krb5, that uses its own install
targets can be "fixed up" as discussed above. So yes, whatever you do here
doesn't have to affect my packaging of the software for FreeBSD.
>
> That does leave Arch and Gentoo (and probably others that aren't occuring
> to me at the moment), but I suspect this won't be a big deal for them.
I don't concur either but I can work around it if needed.
The reason I don't concur is: but why? Why do this in the first place? It
introduces "breakage" (in itself) for no good reason. But in the bigger
picture, I can work around this and IMO not really worth arguing about.
--
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org
NTP: <cy@nwtime.org> Web: https://nwtime.org
The need of the many outweighs the greed of the few.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
