On Saturday, 21 November 2015, 10:27:29, David Kalnischkies wrote:
> On Fri, Nov 20, 2015 at 01:42:34PM +0100, Alexandre Detiste wrote:
> > Now it works .... then it fails when everything is done (?)
> 
> Do you mean:
> 
> > N: Can't drop privileges for downloading as file 
> > '/home/tchet/git/game-data-packager/soltys-en-data_1.0+44_all.deb' couldn't 
> > be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

Yes, that's the one line that bugs me.

> If so 'N:' is in apt-speak a notice, similar to how 'W:' is a warning
> and 'E:' an error. So all this message is trying to tell you is that
> this file was "downloaded" without dropping privileges (aka using user
> _apt), but instead with full privileges (aka using root) as it hadn't
> had enough permissions to do it 'normally' (= which is the new way as
> 1.1 introduces _apt to strengthen security.)

I do understand that dropping privileges if possible is the thing to do,
like sshd does with its subprocesses.

> That is most likely of no real concern to the user hence its only
> a notice, but in theory at least the attack surface is bigger (local
> disk you say, but what seems to be local for apt could very well be e.g.
> in an NFS mountpoint or otherwise moved over a more or less secure
> channel) and even in your example an evil tchet (you are root at the
> moment, so who knows how nice that tchet guy is) could do bad things…
>
> So, as we automatically disable a security feature here we have to print
> "something" to indicate this – but if you have a suggestion on how to
> improve this "something" I am all ears. :)

So, a world-readable location under /home wouldn't trigger this warning,
but a not world-readable one will. Any untrusted user can do chmod a+r on its
files; that doesn't make those any more secure/trustworthy.

Maybe a warning for any file writable by anyone != root would make more sense.

Administrators doing "apt-get install /home/<...>.deb" should know what they 
are doing.

> The message is printed as every other one right at the end – which is
> a bit late, ideally it should be shown before the user is asked to
> confirm the installation/download, but one bug at the time. ;)

Thanks already, the 1.1 release will be great.
I never did much C, so it's quite difficult to get a grip of the code.

>  an evil tchet

Fun fact: tchet is derived from "cat (the animal)", and I do have a cat
that is not evil but has that "tortitude" thing.

http://consciouscat.net/2014/09/30/tortitude-unique-personality-tortoiseshell-cats-fact-fiction/

"strong-willed, a bit hot-tempered, fiercely independent, feisty
and unpredictable. They’re usually very talkative"

That means some paper jams and random things stolen, not much more.

Regards

Alexandre
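
A constructed model of the two rules debated in this thread (apt's fallback from _apt to root when _apt cannot read the .deb, and the proposed "writable by anyone other than root" check); this is added example code, not apt's source, and the paths, modes and the uid/gid used for _apt are invented for it. Extending the check to each parent directory goes beyond what the mail proposes.

```python
import stat

# Constructed (mode, uid, gid) metadata standing in for os.stat(); uid 1000 = "tchet", 0 = root, _apt ids assumed.
APT_UID, APT_GIDS = 100, {100}
FS = {
    "/": (0o755, 0, 0),
    "/home": (0o755, 0, 0),
    "/home/tchet": (0o700, 1000, 1000),            # private home dir: _apt cannot traverse it
    "/home/tchet/soltys.deb": (0o644, 1000, 1000),
    "/home/open": (0o755, 1000, 1000),             # same user after chmod a+rx: _apt can read it
    "/home/open/soltys.deb": (0o644, 1000, 1000),
    "/srv": (0o755, 0, 0),
    "/srv/soltys.deb": (0o644, 0, 0),              # root-owned and world-readable
}

def _allowed(mode, uid, gid, as_uid, as_gids, u_bit, g_bit, o_bit):
    # root bypasses mode bits; otherwise the owner, then group, then other class applies
    if as_uid == 0:
        return True
    if uid == as_uid:
        return bool(mode & u_bit)
    if gid in as_gids:
        return bool(mode & g_bit)
    return bool(mode & o_bit)

def _ancestors(path):
    parts = path.strip("/").split("/")
    return ["/"] + ["/" + "/".join(parts[:i]) for i in range(1, len(parts))]

def readable_as(fs, path, as_uid, as_gids):
    """Unix rule: search (x) on every ancestor directory plus read (r) on the file."""
    for d in _ancestors(path):
        if not _allowed(*fs[d], as_uid, as_gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False
    return _allowed(*fs[path], as_uid, as_gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)

def apt_fetch_user(fs, path):
    """Behaviour from the mail: fetch as _apt if it can read the file, else as root with a notice."""
    if readable_as(fs, path, APT_UID, APT_GIDS):
        return "_apt", None
    return "root", f"N: Can't drop privileges for downloading as file '{path}' couldn't be accessed by user '_apt'."

def writable_by_non_root(fs, path):
    """Proposed rule: flag a .deb that a user other than root could modify (non-root owner
    or group/world write bit); checking each parent directory too is an extension."""
    for p in _ancestors(path) + [path]:
        mode, uid, _ = fs[p]
        if uid != 0 or mode & (stat.S_IWGRP | stat.S_IWOTH):
            return True
    return False
```

Note that the world-readable copy under /home/open passes the first rule silently but is still flagged by the second, which is exactly the gap the mail points out.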
