BTS

Message58

Author matthi
Recipients maddi, mika
Date 2006-12-01.06:57:25
Content
On Wed, Nov 29, 2006 at 08:56:24PM +0000, Michael Prokop:
> /tmp/man is absolutely no option, because of security reasons and because /tmp 
> is autocleaned by default on every single (re)boot.

I have many difficulties to consider all these things sadly
until I totally understand everything that is involved which
needs time. So of course you know what to do by having the
whole core team at hand and having the overview because huge
parts were created by you.
I seem to not understand why reading the manpage in /tmp/man
is a security problem if privileges were dropped to someone
not being able to do more than reading.
And I would not even care about root not being able to use
qma [ formerly known as fma ] at all.
qma is hackish. It's better than the default reading
manpages. IMO it's no real solution and that's why I seek to
find a solution for this being the default for some future.
It probably will never work as long as we are not able to
find some big companions in the Debian team which is.....
not possible AFAIK. That would change a much too long
tradition of using gzip for everything and whatever else is
involved. But who knows. Many people would have never
thought that compress would be replaced by gzip or gzip
replaced by bzip2 [ more memory involved ] ... and so on.

> And ~/grml/man does not exist as well on every system as user with uid 1000
> must not be named 'grml'. And user root definitely should stay out of
> /home/$USER.

Let's not care about root, please. He should be able to use
something else or not use qma at all. Why being pressed to
read manpages as root at all? Privileges dropping where at
all possible is the thing. I feel not good when reading
manpages as root at all. [ Might be a little paranoid, I am
sure ] but I would like to use an rsbac based kernel for sure
:) [ rsbac.org just for the record ]. It's a crying shame
all people talk about SELinux and AppArmor and too many never ever heard
about a project that has been started in the mid-nineties.

> Sorry, that's just too hackish for integration into a distribution. We have to 
> find a much cleaner solution.

I think there is not a much cleaner solution and qma is
still too hackish.
Well after thinking about it I might drop the case of
wanting manzsh using lzop. There are much more important
issues than a little quicker manpage access :)

                Kudos, Maddi
History
Date                 User    Action  Args
2006-12-01 06:57:25  matthi  set     recipients: + mika
2006-12-01 06:57:25  matthi  link    issue19 messages
2006-12-01 06:57:25  matthi  create