Re: Gentoo ebuild issues

From: Andrea Arcangeli <andrea_X_at_X_cpushare.com>
Date: Mon, 19 Nov 2007 01:32:26 +0100
To: Marti Raudsepp <marti_X_at_X_juffo.org>
Cc: cpushare-devel list <cpushare-devel_X_at_X_cpushare.com>

Hi Marti,

On Sun, Nov 18, 2007 at 11:45:56PM +0200, Marti Raudsepp wrote:
> The best way to do it is to both create the user and assign ownership
> in pkg_postinst, which gets invoked on binary package installations as
> well (after the package has been merged into the file system tree).
> [2]
> 
> [2] http://devmanual.gentoo.org/ebuild-writing/functions/index.html

Thanks for the info.

> Another change I did was to change the permissions of
> /var/log/cpushare -- you most likely don't want random users to read
> cpushare log files, as they might leak important information.

Considering this is only the sell client, I don't think there can be
any important information but I'm ok with being stricter (just in case).

> And there are two other issues I'm unsure about:
> 
> 1. As far as I can tell, cpushare is still running as root when it's
> reading the /etc/cpushare files and opening logfiles, so I don't think
> those directories should even be owned by cpushare -- running fowners
> on the cache directory alone should be sufficient?

The log files are renamed so I think the logs should be owned by
cpushare, for /etc/cpushare you may be right but I don't want to
depend on the twisted internals, I think it's ok to have it owned by
user cpushare. If the /etc/cpushare directory wasn't 700 of course I'd
leave it root.root, it's just because it has to be 700 that I prefer
it to be owned by cpushare just in case the setuid changes place in twisted.

> 2. Creating a cache directory within /var/log/cpushare is an abuse of
> Unix file hierarchy; distro maintainers aren't going to like this.

The cache files could also be considered logs for people curious to
look at what binaries were running in their CPUs? ;-)

I guess it should go to /var/cache instead?

> Here's the patch; I'll submit this to the Gentoo bugzilla as well:

Thanks!
-- 
cpushare-devel_X_at_X_cpushare.com mailing list - http://www.cpushare.com/
To unsubscribe, send mail to cpushare-devel-unsubscribe_X_at_X_cpushare.com
Received on 2007-11-19 01:32:29
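
The ownership and mode expectations discussed in this message can be checked after installation with a short audit. This is an added example, not part of the original mail or the cpushare ebuild: the function names are hypothetical, and applying the "no group/other access" rule to /var/log/cpushare as well as /etc/cpushare is an assumption (the thread only gives mode 700 for /etc/cpushare).

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the cpushare ebuild).
# check_private_dir DIR OWNER
#   Succeeds only if DIR is a real directory (not a symlink), is owned by
#   OWNER (user name or numeric uid) and has no group/other permission bits.
check_private_dir() {
    dir=$1 owner=$2
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: missing, not a directory, or a symlink"
        return 1
    fi
    case $owner in
        ''|*[!0-9]*)
            want_uid=$(id -u "$owner" 2>/dev/null) || {
                echo "FAIL $dir: unknown user '$owner'"
                return 1
            } ;;
        *)  want_uid=$owner ;;
    esac
    # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric uid.
    # substr() drops a trailing ACL/SELinux marker ("+" or ".").
    mode=$(ls -ldn -- "$dir" | awk '{print substr($1, 1, 10); exit}')
    uid=$(ls -ldn -- "$dir" | awk '{print $3; exit}')
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $dir: owner uid $uid, expected $want_uid"
        return 1
    fi
    case $mode in
        d???------) echo "OK   $dir ($mode)" ;;
        *)  echo "FAIL $dir: mode $mode grants group/other access"
            return 1 ;;
    esac
}

# audit_cpushare_dirs ROOT OWNER
#   Checks the two directories named in the thread below ROOT
#   (ROOT="" audits the live system; a staging root audits an image).
#   Assumption: the log directory gets the same strict rule as /etc/cpushare.
audit_cpushare_dirs() {
    root=$1 acct=$2 rc=0
    for d in /etc/cpushare /var/log/cpushare; do
        check_private_dir "$root$d" "$acct" || rc=1
    done
    return $rc
}
```

On an installed system this would be run as `audit_cpushare_dirs "" cpushare`; a non-zero return means at least one directory is looser than expected.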
