On Fri, Aug 24, 2012 at 07:23:57AM +0200, Harald Dunkel wrote:
> It would be very nice if dpkg could manage system users and groups
> created for each package.
> 
> At the moment I've got GID 105 for dbus on host A, while 105 is
> used for saned on host B (just as an example). This is a severe
> problem when A's root partition is visible somehow on B, e.g.
> on a central backup server, or on an LXC server managing the
> client rootfs in its own name space.
> 
> I would like to tell dpkg to use GID 105 for the dbus package on
> all systems. If there is a conflict with an existing entry in
> /etc/passwd or /etc/group, then it should refuse to install.

I have another use case for this: root-less .deb installs. While *in
general* one needs root to run `dpkg -i`, most packages (75%) don't
*actually* need arbitrary code to be run as root to be installed[1].

By making user creation declarative, we could lower that number quite a
bit, I believe.

So my use case here is to reduce the attack surface for intrusions
through untrusted .debs. I have documented various attack vectors here:

https://wiki.debian.org/UntrustedDebs

... and this is clearly one of them. :)

A.

[1]: https://nthykier.wordpress.com/2016/04/26/putting-debian-packages-in-labelled-boxes/
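The refuse-on-conflict check Harald describes, as an added illustration written for this thread (not code from dpkg or from either poster). It assumes a constructed declarative format of one (package, name, uid, gid) record per system user, and the passwd/group contents below are constructed samples that reproduce the "105 is saned on host B" situation.

```python
"""Check package-declared system users/groups against existing passwd/group
entries and report conflicts, as a refuse-to-install gate would.

Added example, not from the thread or from dpkg. The declaration format
(package, name, uid, gid) and the sample passwd/group text are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SysUser:
    package: str
    name: str
    uid: int
    gid: int


def parse_nss(text):
    """Parse /etc/passwd or /etc/group style text into {name: numeric id}."""
    entries = {}
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = int(fields[2])   # field 3 is uid in passwd, gid in group
    return entries


def find_conflicts(declared, passwd_text, group_text):
    """Return human-readable conflicts; an empty list means install may proceed."""
    users, groups = parse_nss(passwd_text), parse_nss(group_text)
    uid_owner = {uid: name for name, uid in users.items()}
    gid_owner = {gid: name for name, gid in groups.items()}
    conflicts = []
    for d in declared:
        # Name already present under a different id: the fixed id cannot be honoured.
        if d.name in users and users[d.name] != d.uid:
            conflicts.append(f"{d.package}: user {d.name} exists with uid {users[d.name]}, wants {d.uid}")
        if d.name in groups and groups[d.name] != d.gid:
            conflicts.append(f"{d.package}: group {d.name} exists with gid {groups[d.name]}, wants {d.gid}")
        # Id already taken by another name: the host A / host B collision from the thread.
        if uid_owner.get(d.uid, d.name) != d.name:
            conflicts.append(f"{d.package}: uid {d.uid} already belongs to {uid_owner[d.uid]}")
        if gid_owner.get(d.gid, d.name) != d.name:
            conflicts.append(f"{d.package}: gid {d.gid} already belongs to {gid_owner[d.gid]}")
    return conflicts


# Constructed sample host state: 105 is already saned here.
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nsaned:x:105:105::/var/lib/saned:/usr/sbin/nologin\n"
SAMPLE_GROUP = "root:x:0:\nsaned:x:105:\n"
DECLARED = [SysUser("dbus", "dbus", 105, 105), SysUser("openssh-server", "sshd", 106, 106)]

if __name__ == "__main__":
    for problem in find_conflicts(DECLARED, SAMPLE_PASSWD, SAMPLE_GROUP):
        print("refusing to install:", problem)
```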
