On 05/05/07, Sam Morris <[EMAIL PROTECTED]> wrote:
> If he had relaxed permissions, then in the intervening time an attacker could have altered files and so on, in which case he's hosed anyway.
That's not the situation I'm proposing. I'm talking about a situation in which you can be certain of no compromise. In the current situation there is no method for "self recovery".
> Anyway, I think that there are too many files that dpkg just does not know about for this to be useful at the present time. If packages could register files that they create with dpkg (basically a standard interface for appending to $dpkg_dir/package.list) then it would be more useful.
I don't know if dpkg doesn't track enough files. It would be nice to hear about this from someone who does. I would expect whatever file is installed on the system by dpkg to be registered in the package's file list. Adding extra information like four octal permission digits followed by uid and gid numbers would be simple enough to not break anything. I just think it doesn't hurt to add this information to the file list.
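
The proposal above, sketched as an added example that is not part of the original thread and is not dpkg code: a checker for a file list whose lines carry four octal permission digits, a uid and a gid after the path, with an optional repair step. The `PATH MODE UID GID` line layout, the function names and the sample tree are assumptions made for this illustration.

```python
import os
import stat
import tempfile

def parse_entry(line):
    """Parse 'PATH MODE UID GID'; split from the right so PATH may contain spaces."""
    path, mode, uid, gid = line.rstrip("\n").rsplit(" ", 3)
    if len(mode) != 4 or set(mode) - set("01234567"):
        raise ValueError(f"bad mode field: {mode!r}")
    return path, int(mode, 8), int(uid), int(gid)

def audit(list_lines, root="/", fix=False):
    """Return [(path, problem)] for entries that differ from the recorded metadata.
    With fix=True, also put the recorded owner and mode back."""
    drift = []
    for line in filter(str.strip, list_lines):
        path, mode, uid, gid = parse_entry(line)
        target = os.path.join(root, path.lstrip("/"))
        try:
            st = os.lstat(target)
        except FileNotFoundError:
            drift.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            continue  # never chmod/chown through a symlink
        seen = len(drift)
        actual = stat.S_IMODE(st.st_mode)  # includes setuid/setgid/sticky bits
        owner_ok = (st.st_uid, st.st_gid) == (uid, gid)
        if actual != mode:
            drift.append((path, f"mode {actual:04o} != {mode:04o}"))
        if not owner_ok:
            drift.append((path, f"owner {st.st_uid}:{st.st_gid} != {uid}:{gid}"))
        if fix and len(drift) > seen:
            if not owner_ok:
                os.chown(target, uid, gid)  # chown first: it can clear setuid/setgid
            os.chmod(target, mode)
    return drift

def demo():
    """Constructed sample: one file whose mode was relaxed, one that is absent."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "usr/bin"))
        tool = os.path.join(root, "usr/bin/tool")
        open(tool, "w").close()
        os.chmod(tool, 0o777)  # the "relaxed permissions" accident
        st = os.lstat(tool)
        listing = [f"/usr/bin/tool 0755 {st.st_uid} {st.st_gid}",
                   f"/usr/bin/gone 0644 {st.st_uid} {st.st_gid}"]
        return audit(listing, root, fix=True), audit(listing, root)

if __name__ == "__main__":
    print(demo())
```

The repair path checks with `lstat` and then acts on the path name, so it fits only the no-compromise case the message describes; where another party can still write to the tree, that gap between check and change is a race.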

