On Fri, 16 Mar 2012, Daniel Hartwig wrote:

>
> severity 663910 normal
> thanks

Right. That's ok with me.

> > Severity: grave
> > Justification: renders package unusable

Thanks for the insight.

> Dropping severity, package is quite usable:
>
> - problem only affects libpam-tmpdir users, mainly at the time of install;

Yes. And that's the main problem.

> - daemon starts fine on reboot;

I consider that unreasonable, even if that worked (as you state above). It is unreasonable to require a reboot after upgrading a daemon. Please, don't assume the user is a dummy? There's another OS for that.

> - manually invoking distccd as non-root also works.

Was it the distccd non-root user you had in mind, or another?

> Users of libpam-tmpdir experiencing this problem can add 'TMPDIR=/tmp'
> to /etc/default/distcc and then run 'invoke-rc.d distcc start'.

Well, wouldn't that be exactly the opposite of what libpam-tmpdir is trying to achieve?

> >> By any chance, were you installing via su?
> >
> > Yes.
> >
> > # echo $TMPDIR
> > /tmp/user/0
>
> Ok. So root's env is being passed from dpkg to invoke-rc.d to distccd.
>
> I have initially thought that somewhere along that line the env should
> be cleaned a little, however, it seems that neither dpkg[1] nor
> sysvinit[2] feel this is really appropriate (or practical, desirable?)
> to do on their ends.
>
> After considering those reports, I conclude that there is some utility
> to keeping the env as the admin sets it.
>
> The author of libpam-tmpdir recommends that daemons initiate their own
> PAM session.[3] This would fix the issue with TMPDIR as well as any
> other latent problems relating to PAM and local admin policy, etc..
>
> Other solutions used in the wild:
> - add TMPDIR=/tmp in /etc/default/distcc;
> - check that TMPDIR is writable, falling back to /tmp; or
> - unset TMPDIR in /etc/init.d/distcc.
>
> but those remove various degrees of control/convenience from the local
> admin.

True.
So, a sustainable solution would be to have the daemon take care of securing the tmpdir it wants to chdir to, beforehand, wouldn't it?

> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=631081#58
> [2] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508686#45
> [3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294347#15

Cheers,

--
Cristian
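
Added example, not part of the message above and not code from distcc or its Debian packaging: a sketch of the "check that TMPDIR is writable, falling back to /tmp" option listed in the quoted text. The helper name usable_tmpdir is hypothetical, and the check is only meaningful when run as the account the daemon will run under, since root passes the permission tests on a private directory such as /tmp/user/0.

```shell
#!/bin/sh
# Added example: choose a temporary directory for a daemon.
# usable_tmpdir is a hypothetical helper, not part of any package.
#
# usable_tmpdir CANDIDATE [FALLBACK]
#   Prints CANDIDATE if the current user can really create files in it,
#   otherwise prints FALLBACK (default: /tmp).
usable_tmpdir() {
    candidate=${1:-}
    fallback=${2:-/tmp}

    # Ignore relative paths: a daemon that later changes directory
    # would resolve them against a different working directory.
    case $candidate in
        /*) ;;
        *)  candidate= ;;
    esac

    if [ -n "$candidate" ] && [ -d "$candidate" ] \
        && [ -w "$candidate" ] && [ -x "$candidate" ]; then
        # The -w/-x tests succeed for root whatever the mode bits say,
        # so confirm by creating (and removing) a probe file.
        if probe=$(mktemp "$candidate/.probe.XXXXXX" 2>/dev/null); then
            rm -f "$probe"
            printf '%s\n' "$candidate"
            return 0
        fi
    fi

    # Inherited value is unusable for this user: fall back.
    printf '%s\n' "$fallback"
    return 0
}

# Intended use, executed as the daemon's own user (assumption: the
# caller arranges that, for example after dropping privileges):
#   TMPDIR=$(usable_tmpdir "${TMPDIR:-}")
#   export TMPDIR
```

Like the other workarounds in the quoted list, this quietly overrides what the admin's environment asked for whenever the inherited directory is unusable.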

