#942051 debian-policy: [4.9] requirement to write only to /tmp, /var/tmp, ${TMPDIR} is too strict
- Package: debian-policy
- Source: debian-policy
- Submitter: Ansgar Burchardt
- Date: 2019-10-10 14:48:06 UTC
- Severity: minor
While checking the upgrade checklist I noticed this new requirement:
+---
| 4.9
| Required targets must not write outside of the unpacked source
| package tree, except for TMPDIR, /tmp and /var/tmp.
+---
The wording is a bit too strict and should be relaxed. There are
other paths that should be fine to be written to during the build
process, for example /dev/shm, /run/lock[1], or possibly anything
below /proc/<pid> for processes spawned by the build process.
Ansgar
[1] Which I noticed is world-writable which I'm not sure should be
as users could then fill /run... Note that /run/user/<uid> has
separate filesystems to avoid this problem; but then there are
many paths below /run writable by service users which can cause
the same problems.
Hello Ansgar,
Do you have examples of packages that do that?
(FWIW I do not consider writing to /proc/pid to be writing. This is the same issue as with using localhost and network access.)
Cheers,
Anything that uses the POSIX shared memory API (shm_open()), and notably
anything that is built using fakeroot with its default fakeroot-sysv
backend.
smcv
If you are interested in this sort of thing, <https://bugs.debian.org/942111>
is perhaps also relevant.
smcv
fakeroot is not started by debian/rules so this is outside the scope of this policy.
Cheers,
Why do you think package builds should be allowed to use /run/lock? It records system state.
The use of /dev/shm is an implementation detail of the shm implementation in libc. I don't think using the shm stuff counts as writing. If you take the strict approach, then writing to stdout and stderr would be forbidden as well.
Regards,
Bastian
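Added example (not part of the bug thread and not a Debian tool): one way to sort the write-mode opens in an strace-style build trace into those covered by the quoted 4.9 wording, those in the locations argued over above (/dev/shm, /run/lock, /proc/<pid>), and everything else. The trace lines, the `/build/foo-1.0` source tree, the `/build/tmp` TMPDIR and the function names are constructed for illustration; relative paths are assumed to be relative to the source tree root, and symlinks are not resolved.

```python
import os
import re

# strace-style open()/openat() line: path, flags, optional mode, return value.
OPEN_RE = re.compile(
    r'open(?:at)?\((?:AT_FDCWD, )?"([^"]+)", ([A-Z_|]+)(?:, \d+)?\) = (-?\d+)')
WRITE_FLAGS = {"O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC", "O_APPEND"}
# Locations the thread argues over; /proc/<pid> ownership is not checked here.
CONTESTED_RE = re.compile(r"^(/dev/shm|/run/lock|/proc/(self|\d+))(/|$)")


def classify(path, source_tree, tmpdir=None):
    """'allowed' under the quoted 4.9 wording, 'contested' for the paths
    raised in the bug report, 'outside' for everything else."""
    # Assumption: relative paths are resolved against the source tree root.
    path = os.path.normpath(os.path.join(source_tree, path))
    roots = [source_tree, "/tmp", "/var/tmp"] + ([tmpdir] if tmpdir else [])
    for root in map(os.path.normpath, roots):
        if path == root or path.startswith(root + "/"):
            return "allowed"
    return "contested" if CONTESTED_RE.match(path) else "outside"


def audit(trace_lines, source_tree, tmpdir=None):
    """Return (path, verdict) for each successful write-mode open."""
    results = []
    for line in trace_lines:
        m = OPEN_RE.search(line)
        if not m or int(m.group(3)) < 0:
            continue  # not an open call, or the open failed
        if set(m.group(2).split("|")) & WRITE_FLAGS:
            results.append((m.group(1), classify(m.group(1), source_tree, tmpdir)))
    return results


# Constructed sample trace (not taken from a real build).
SAMPLE_TRACE = [
    'openat(AT_FDCWD, "debian/tmp/usr/bin/foo", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 3',
    'openat(AT_FDCWD, "/etc/passwd", O_RDONLY|O_CLOEXEC) = 3',
    'openat(AT_FDCWD, "/tmp/../var/cache/foo.idx", O_WRONLY|O_CREAT, 0644) = 4',
    'openat(AT_FDCWD, "/dev/shm/sem.build", O_RDWR|O_CREAT|O_EXCL, 0600) = 5',
    'openat(AT_FDCWD, "/run/lock/foo.lock", O_WRONLY|O_CREAT, 0644) = -1 EACCES (Permission denied)',
    'openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY) = 6',
]

if __name__ == "__main__":
    for path, verdict in audit(SAMPLE_TRACE, "/build/foo-1.0", tmpdir="/build/tmp"):
        print(f"{verdict:9} {path}")
```

The `/tmp/../var/cache/foo.idx` line is normalised before matching, so a path that only starts with `/tmp` textually is not counted as allowed.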