From owner-freebsd-bugs Thu May 4 12: 4:56 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from ns1.sunesi.net (ns1.sunesi.net [196.15.192.194]) by hub.freebsd.org (Postfix) with ESMTP id 3EED937C21A for ; Thu, 4 May 2000 12:04:31 -0700 (PDT) (envelope-from nbm@sunesi.net) Received: from nbm by ns1.sunesi.net with local (Exim 3.03 #1) id 12nQv5-0006FT-00; Thu, 04 May 2000 21:04:19 +0200 Date: Thu, 4 May 2000 21:04:19 +0200 From: Neil Blakey-Milner To: Nick Hibma Cc: freebsd-bugs@freebsd.org Subject: Re: bin/18373: pkg_delete shouldn't insist on root Message-ID: <20000504210419.A23799@mithrandr.moria.org> References: <20000504170054.A21029@mithrandr.moria.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0.1i In-Reply-To: ; from n_hibma@calcaphon.com on Thu, May 04, 2000 at 06:56:45PM +0100 Organization: Sunesi Clinical Systems X-Operating-System: FreeBSD 3.3-RELEASE i386 X-URL: http://rucus.ru.ac.za/~nbm/ Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Thu 2000-05-04 (18:56), Nick Hibma wrote: > You can't update /var/db/pkgs in that case. I think. In any case, part > of the update needs to be done as root, so pkg_delete has to switch user > every so often to do the right thing. No, it doesn't. You should read the pkg_delete man page, and look at the PKG_DBDIR environment variable, and the fact pkg_delete isn't setuid. It isn't a security concern. It doesn't let users do anything more than they usually can. It just lets them use a tool to ease automation of what they'd have to do themselves. Neil -- Neil Blakey-Milner Hacker In Chief, Sunesi Clinical Systems nbm@mithrandr.moria.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message