On Thu, 2021-08-12 at 08:32 +0200, Vincent Bernat wrote:
> I give myself passwordless sudo to "apt update" (without additional
> options), "apt upgrade" (same), "apt full-upgrade" (same). I was
> thinking this should be safe, but now I need to check if the pager is
> properly restricted when displaying NEWS file.

These are not safe to be run under `sudo` without giving the invoking user full access. As a random example: dpkg's conffile prompt offers to open a shell.

For the same reason "apt install [package-name]" is unsafe as well even when you ensure that "[package-name]" only contains characters from the set [a-z0-9A-Z-] and does not start with a "-". As another example, being able to answer debconf prompts from certain packages is likely also root-equivalent.

If you want unprivileged users to manage (install, remove, update) packages, then I believe PackageKit[1] tries to offer this.

Ansgar

[1]: https://www.freedesktop.org/software/PackageKit/
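
An audit sketch for the point made in this thread, added here as an example and not part of either message: it scans sudoers text for rules that delegate the apt subcommands named above, so they can be reviewed as full root grants. The sample rules, user names and the `APT_MAINT` alias are constructed; the parser assumes a single file and handles only user specifications and `Cmnd_Alias` (no includes, no other alias types).

```python
import re
from fnmatch import fnmatch

# apt subcommands the thread names as unsafe to delegate through sudo.
RISKY = ("update", "upgrade", "full-upgrade", "install")

# Constructed sample sudoers content (user names and alias are hypothetical).
SAMPLE = r"""
Cmnd_Alias APT_MAINT = /usr/bin/apt update, /usr/bin/apt upgrade, \
                       /usr/bin/apt full-upgrade
alice   ALL=(root) NOPASSWD: APT_MAINT
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
deploy  ALL=(root) NOPASSWD: /usr/bin/apt install *
"""

def audit_sudoers(text):
    """Return (who, command) pairs that delegate a risky apt subcommand."""
    joined = re.sub(r"\\\n", " ", text)           # fold continuation lines
    lines = [l.strip() for l in joined.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]
    aliases = {}
    for line in lines:                            # pass 1: collect Cmnd_Alias
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    findings = []
    for line in lines:                            # pass 2: user specifications
        if re.match(r"(Defaults|\w+_Alias)\b", line) or "=" not in line:
            continue
        who, spec = line.split("=", 1)
        spec = re.sub(r"^\s*\([^)]*\)", "", spec)  # drop the (runas) list
        for cmd in spec.split(","):
            cmd = re.sub(r"^\s*(?:[A-Z_]+:\s*)+", "", cmd).strip()  # drop tags
            for real in aliases.get(cmd, [cmd]):
                argv = real.split()
                if not argv or argv[0].rsplit("/", 1)[-1] != "apt":
                    continue
                # A command listed without arguments allows any arguments.
                if len(argv) == 1 or any(fnmatch(s, argv[1]) for s in RISKY):
                    findings.append((who.split()[0], real))
    return findings

if __name__ == "__main__":
    for who, cmd in audit_sudoers(SAMPLE):
        print(f"{who}: '{cmd}' via sudo should be reviewed as full root access")
```
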