| 1 |
On Thu, 11 Jan 2007 11:56:09 -0500 Mike Frysinger <vapier@g.o> |
| 2 |
wrote: |
| 3 |
| On Wednesday 10 January 2007 20:01, Ciaran McCreesh wrote: |
| 4 |
| > On Wed, 10 Jan 2007 19:56:00 -0500 Mike Frysinger |
| 5 |
| > <vapier@g.o> |
| 6 |
| > | as stated in original e-mail, unattended/sandbox are just some |
| 7 |
| > | examples, not the only ones |
| 8 |
| > |
| 9 |
| > So which RESTRICT values *should* the user legitimately have to care |
| 10 |
| > about? |
| 11 |
| |
| 12 |
| On Wednesday 10 January 2007 16:40, Chris Gianelloni wrote: |
| 13 |
| > I am a user. I don't want any of my compiles executing with |
| 14 |
| > elevated privileges. I have FEATURES=userpriv. Package foo has |
| 15 |
| > RESTRICT=userpriv. I don't have ACCEPT_RESTRICT=userpriv. When I |
| 16 |
| > try to install package foo, it fails, because I don't want to allow |
| 17 |
| > RESTRICT=userpriv. |
| 18 |
|
| 19 |
Bogus argument. If an ebuild were truly doing something naughty with |
| 20 |
elevated privs, it could just do it in one of the pkg_ phases. Since |
| 21 |
userpriv isn't a security feature, there's no advantage for the end |
| 22 |
user in restricting based upon it. |
| 23 |
|
| 24 |
So again, which RESTRICT variables should the user legitimately have to |
| 25 |
care about? |
| 26 |
|
| 27 |
-- |
| 28 |
Ciaran McCreesh |
| 29 |
Mail : ciaranm at ciaranm.org |
| 30 |
Web : http://ciaranm.org/ |
| 31 |
Paludis, the secure package manager : http://paludis.pioto.org/ |
Archives