Bug 810 - APT: run download methods with less permissions
Product/Component: Sisyphus / apt
Version: unstable
Platform: all Linux
Priority/Severity: P4 enhancement
Reported: 2002-04-09 23:38
Modified: 2017-07-24 16:50
Description From 2002-04-09 23:38:41
/usr/lib/apt/ftp (and others) doesn't need all the root's permissions and
access to the whole filesystem to do its job, only read access to the source
(URL, CD-ROM) and write access to the cache.

So running the download methods under a simple special user and (perhaps) in a
chrooted environment could be a security improvement.

I'm not sure whether this would be a really important security improvement...
But the download stage seems to be the only one when the APT system has to deal
with an untrusted environment like the Internet; after the download is complete,
the signatures of the packages can be checked and a decision made whether to
trust them.

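The isolation the report asks for, as an added illustration that is not apt's own code and not from this bug's participants: a parent keeps its identity, forks, drops the child to a chosen unprivileged uid/gid (optionally inside a chroot, which only root can set up), verifies that the drop cannot be undone, and only then execs the download method. The method path, the uid/gid and the chroot directory are assumptions supplied by the caller; the test runs a shell command under the caller's own ids so it works without root.

```c
#define _GNU_SOURCE 1           /* declares chroot(), setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Drop to an unprivileged identity, optionally confined to a chroot.
 * Returns 0 on success, -1 (errno set) on failure. Order matters: chroot()
 * and setgroups() need root, so they run before the uid changes, and the gid
 * is set before the uid while we still have the privilege to change it. */
int drop_privileges(uid_t uid, gid_t gid, const char *chroot_dir)
{
    if (chroot_dir != NULL) {
        /* chdir("/") after chroot, or the cwd still points outside the jail */
        if (chroot(chroot_dir) != 0 || chdir("/") != 0)
            return -1;
    }
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* shed supplementary groups */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    return 0;
}

/* Verify the drop took: real and effective ids match the target, and if the
 * target is not root, regaining root must fail (a saved uid left behind by a
 * seteuid()-style drop would let setuid(0) succeed). Returns 1 if dropped. */
int privileges_are_dropped(uid_t uid, gid_t gid)
{
    if (getuid() != uid || geteuid() != uid)
        return 0;
    if (getgid() != gid || getegid() != gid)
        return 0;
    if (uid != 0 && setuid(0) == 0)
        return 0;   /* could climb back to root: the drop was incomplete */
    return 1;
}

/* Fork, drop privileges in the child, then exec the method at `path`.
 * The parent keeps its own identity, as apt's main process would, and gets
 * back the child's exit status (or -1 on fork/wait failure). A failed drop
 * exits the child with 126 so the method never runs with leftover rights. */
int run_method_unprivileged(const char *path, char *const argv[],
                            uid_t uid, gid_t gid, const char *chroot_dir)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid, chroot_dir) != 0 ||
            !privileges_are_dropped(uid, gid)) {
            perror("drop_privileges");
            _exit(126);
        }
        execv(path, argv);
        perror("execv");
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Convenience wrapper: run a shell command line under uid/gid, no chroot. */
int run_shell_unprivileged(const char *cmd, uid_t uid, gid_t gid)
{
    char *const argv[] = { "/bin/sh", "-c", (char *)cmd, NULL };
    return run_method_unprivileged("/bin/sh", argv, uid, gid, NULL);
}

/* Usage: ./runmethod <uid> <gid> <method-path> [args...]   (hypothetical CLI) */
int main(int argc, char **argv)
{
    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid method [args...]\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    int rc = run_method_unprivileged(argv[3], &argv[3], uid, gid, NULL);
    printf("method exited with %d\n", rc);
    return rc < 0 ? 1 : rc;
}
```

The separate verification step is the part worth copying: a drop that leaves the saved set-user-ID at 0 looks fine in `id` output but can be reversed by the method, so the child checks that `setuid(0)` fails before it touches the network.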

------- Comment #1 From 2010-10-09 19:06:01 -------
Seems like requisite example in stock /etc/apt/apt.conf suffices in practice.
------- Comment #2 From 2010-10-09 19:09:14 -------
Ouch, missed the tab! (see #608)
------- Comment #3 From 2013-11-10 19:38:29 -------
apparently wontfix
------- Comment #4 From 2017-07-24 16:50:34 -------
This is about to be fixed in task #185681