1 |
On Thu, 11 Jan 2007 11:56:09 -0500 Mike Frysinger <vapier@g.o> |
2 |
wrote: |
3 |
| On Wednesday 10 January 2007 20:01, Ciaran McCreesh wrote: |
4 |
| > On Wed, 10 Jan 2007 19:56:00 -0500 Mike Frysinger |
5 |
| > <vapier@g.o> |
6 |
| > | as stated in original e-mail, unattended/sandbox are just some |
7 |
| > | examples, not the only ones |
8 |
| > |
9 |
| > So which RESTRICT values *should* the user legitimately have to care |
10 |
| > about? |
11 |
| |
12 |
| On Wednesday 10 January 2007 16:40, Chris Gianelloni wrote: |
13 |
| > I am a user. I don't want any of my compiles executing with |
14 |
| > elevated privileges. I have FEATURES=userpriv. Package foo has |
15 |
| > RESTRICT=userpriv. I don't have ACCEPT_RESTRICT=userpriv. When I |
16 |
| > try to install package foo, it fails, because I don't want to allow |
17 |
| > RESTRICT=userpriv. |
18 |
|
19 |
Bogus argument. If an ebuild were truly doing something naughty with |
20 |
elevated privs, it could just do it in one of the pkg_ phases. Since |
21 |
userpriv isn't a security feature, there's no advantage for the end |
22 |
user in restricting based upon it. |
23 |
|
24 |
So again, which RESTRICT variables should the user legitimately have to |
25 |
care about? |
26 |
|
27 |
-- |
28 |
Ciaran McCreesh |
29 |
Mail : ciaranm at ciaranm.org |
30 |
Web : http://ciaranm.org/ |
31 |
Paludis, the secure package manager : http://paludis.pioto.org/ |