Re: setuid/setgid binaries contained in the Debian repository.

To: debian-devel@lists.debian.org
Subject: Re: setuid/setgid binaries contained in the Debian repository.
From: Matt Zimmerman <mdz@debian.org>
Date: Mon, 11 Aug 2003 17:48:19 -0400
Message-id: <[🔎] 20030811214819.GA15143@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030811203635.GB31610@evbergen.xs4all.nl>
References: <[🔎] 20030811134149.GR23819@alcor.net> <[🔎] 20030811140338.GB7413@evbergen.xs4all.nl> <[🔎] 20030811143437.GB15143@alcor.net> <[🔎] 20030811161919.GB11157@evbergen.xs4all.nl> <[🔎] 20030811173121.GL15143@alcor.net> <[🔎] 20030811182645.GB20650@evbergen.xs4all.nl> <[🔎] 20030811185805.GQ15143@alcor.net> <[🔎] 20030811192111.GD20650@evbergen.xs4all.nl> <[🔎] 20030811201624.GT15143@alcor.net> <[🔎] 20030811203635.GB31610@evbergen.xs4all.nl>

On Mon, Aug 11, 2003 at 10:36:35PM +0200, Emile van Bergen wrote:

> On Mon, Aug 11, 2003 at 04:16:24PM -0400, Matt Zimmerman wrote:
> 
> > It would be nice indeed; it also turns out to be horrifically complex
> > when you consider dependency relationships, unless you force the user to
> > install another copy of all system software in their home dir as well.
> 
> Well, dpkg should probably concatenate /var/lib/dpkg/status and
> ~/var/lib/dpkg/status internally to see if build dependencies are already
> satisfied by the global system.
> 
> Most --configure scripts should be able to search ~/lib as well as /lib,
> /usr/lib and /usr/local/lib.
> 
> I don't see how this would be prohibitively complex. Sure, there are some
> issues to be worked out, but basically comes down to allowing each user to
> add a user-specific part to the in-memory package database when running
> the package management tools.

Don't you think you are oversimplifying a bit?

You have glossed over a lot of very significant concerns:

- properly resolving dependencies in this scenario is a lot more complex
  than concatenating two status files together.  Consider Conflicts, for
  instance.  Then Replaces.  Then Provides.

- nearly every single package would need to be modified (the source code,
  not the packaging) to support relocation

- if by "--configure" you mean autoconf-generated configure scripts, most
  packages don't even use autoconf, and even if they did, autoconf doesn't
  search the way that you have described, and neither does ld.

-- 
 - mdz

Reply to:

Follow-Ups:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>

References:
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Matt Zimmerman <mdz@debian.org>
- Re: setuid/setgid binaries contained in the Debian repository.
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>

Prev by Date: Re: setuid/setgid binaries contained in the Debian repository.
Next by Date: Re: libraries being removed from the archive
Previous by thread: Re: setuid/setgid binaries contained in the Debian repository.
Next by thread: Re: setuid/setgid binaries contained in the Debian repository.
Index(es):
- Date
- Thread