%ghost .pyo

Toshio Kuratomi toshio at tiki-lounge.com
Wed Dec 22 16:43:44 UTC 2004


On Wed, Dec 22, 2004 at 11:31:28AM +0800, Jeff Pitman wrote:
> On Wednesday 22 December 2004 11:24, Axel Thimm wrote:
> > On Tue, Dec 21, 2004 at 01:42:41PM -0500, Charles R. Anderson wrote:
> > > On Wed, Dec 22, 2004 at 12:52:30AM +0800, Jeff Pitman wrote:
> > > > issue, I'm wondering out loud if we should even care about
> > > > %ghost.
> > >
> > > I've heard that %ghost was on its deathbed anyway.
> >
> > Don't you need %ghost for logfiles?
> 
> Yep. %ghost is great for /var, but it seems /usr would have issues.  Is 
> it even FHS-compliant to have a program write files in /usr during 
> program execution?  If there is a compliancy issue and setup 
> complications in Tripwire or SELinux, then it seems packaging pyo is 
> the way to go.
> 
I'll have to reread the FHS to see about the letter of the FHS, but the
spirit is to enable /usr to be mounted read-only.  As python transparently
tries to create these files and has no problems if that fails, I don't see
it as violating the FHS.

I think Tripwire is the only piece that's really hurt here because
it's taking a hash of the actual file contents.  It's probably wrong to do
what rpm does and specify not to check a hash for pyo files as that would
lead to the possibility of executing pyo files placed there maliciously.
If you have set up root to do something nonstandard like running python in
optimized byte compilation mode, is the onus also on you to create the pyos
so you can create tripwire hashes?  (Or set /usr ro or [untested] an SELinux
context to keep pyos from being written?)

-Toshio
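An added check, not from this thread, that follows the Tripwire point above to its defensive conclusion: rather than telling the integrity checker to skip hashes on pyo files, verify each bytecode file against the source it claims to compile and flag orphaned, stale or foreign bytecode. It is written for Python 3.7 and later, where bytecode lives in __pycache__, .pyo was folded into .pyc (PEP 488) and the header records the source's mtime and size or its hash (PEP 552), so it generalizes past the flat .pyo layout of 2004; the sample tree it scans is constructed in build_fixture.

```python
import importlib.util
import os
import pathlib
import py_compile
import struct
import tempfile

def source_for(bc_path):
    try:
        candidate = importlib.util.source_from_cache(bc_path)  # __pycache__/mod.<tag>.pyc layout
    except ValueError:
        candidate = bc_path[:-1]                               # legacy mod.pyc / mod.pyo beside mod.py
    return candidate if os.path.isfile(candidate) else None    # None: nothing to compare against

def check_bytecode(root):
    """Return [(relative path, reason)] for bytecode files that should not be trusted."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.endswith((".pyc", ".pyo"))):
            rel = os.path.relpath(path, root)
            with open(path, "rb") as fh:
                head = fh.read(16)              # magic, flags, then mtime+size or source hash
            if len(head) < 16 or head[:4] != importlib.util.MAGIC_NUMBER:
                findings.append((rel, "badmagic"))   # truncated, or built by another interpreter
                continue
            src = source_for(path)
            if src is None:
                findings.append((rel, "orphan"))     # bytecode with no source to vouch for it
                continue
            if head[4] & 1:                          # flags bit 0: hash-based pyc (PEP 552)
                with open(src, "rb") as fh:
                    ok = head[8:16] == importlib.util.source_hash(fh.read())
            else:                                    # timestamp-based pyc: source mtime and size
                st = os.stat(src)
                ok = struct.unpack_from("<II", head, 8) == (int(st.st_mtime) & 0xFFFFFFFF, st.st_size & 0xFFFFFFFF)
            if not ok:
                findings.append((rel, "stale"))      # header no longer matches the source
    return findings

def build_fixture():
    """Constructed sample tree: one good, one stale and one orphaned bytecode file."""
    d = tempfile.mkdtemp()
    for mod in ("good", "stale", "orphan"):
        src = os.path.join(d, mod + ".py")
        pathlib.Path(src).write_text("VALUE = 1\n")
        py_compile.compile(src, cfile=src + "c" if mod == "orphan" else None,  # orphan: legacy layout
                           invalidation_mode=py_compile.PycInvalidationMode.TIMESTAMP)
    pathlib.Path(d, "stale.py").write_text("VALUE = 1\nVALUE = 2\n")  # edited after compilation
    os.remove(os.path.join(d, "orphan.py"))                           # bytecode left with no source
    return d
```

Run check_bytecode over a site-packages tree from a trusted baseline and compare the findings across runs; a new "orphan" or "badmagic" entry is exactly the planted-bytecode case the hash exemption would hide.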
