Permissions for shared libraries in Kerberos
eagle at eyrie.org
Sat Nov 28 02:44:41 EST 2020
Cy Schubert <Cy.Schubert at cschubert.com> writes:
> In other words some unsuspecting user might ./libkrb5.so and receive
> some strange error. As the FreeBSD package maintainer I'd revert the
> permissions back to 0644. Why? Some unsuspecting user will try something
> stupid and open a ticket. I avoid tickets.
> Expect the same from your downstream Linux distros.
Clearly not RPM-based distros, given the reported behavior of rpm, and
that's quite a lot of them!
Debian-derived distros already handle this via dh_fixperms, so it doesn't
matter what Kerberos does by default.
That does leave Arch and Gentoo (and probably others that aren't occuring
to me at the moment), but I suspect this won't be a big deal for them.
Russ Allbery (eagle at eyrie.org) <https://www.eyrie.org/~eagle/>
More information about the krbdev