Bug 810

Summary: APT: run download methods with less permissions
Product: Sisyphus
Reporter: imz <vanyaz>
Component: apt
Assignee: Ivan Zakharyaschev <imz>
Status: NEW --- QA Contact:
Severity: enhancement    
Priority: P4 CC: boyarsh, glebfm, imz, ldv, mike, msp, placeholder, svd, voins
Version: unstable   
Hardware: all   
OS: Linux   

Description imz 2002-04-09 23:38:41 MSD
/usr/lib/apt/ftp (and others) doesn't need all the root's permissions and access to the whole filesystem to do its job, only read access to the source (URL, CD-ROM) and write access to the cache.

So running the download methods under a simple special user and (perhaps) in a chrooted environment could be a security improvement.

I'm not sure whether this would be a real important security improvement... But the download stage seems to be the only one when the APT system has to deal with untrusted environment like the Internet; after the download is complete, the signatures of the packages can be checked and a decision made whether to trust them.
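The privilege-dropping design the reporter sketches, as an added illustration that is not apt's code and not part of the original report: a parent spawns the download method in a child that (optionally) chroots, clears supplementary groups, sets gid then uid, and verifies that root cannot be regained before it execs. The account name `_aptfetch`, the cache path, the `NOBODY` fallback and the probe child are assumptions made for this example.

```python
"""Run an APT download method as a dedicated unprivileged user.

Added example for the report above; this is not apt's code.  The account
name, the cache path, the fallback uid and the probe child are assumptions.
"""
import os
import pwd
import subprocess
import sys
from typing import Optional, Sequence

METHOD_USER = "_aptfetch"                       # assumed dedicated account
CACHE_DIR = "/var/cache/apt/archives/partial"   # the only place it must write
NOBODY = 65534                                  # assumed fallback when root and no account


def privileges_dropped() -> bool:
    """True when the calling process can no longer become root."""
    if os.geteuid() == 0:
        return False
    try:
        os.setuid(0)
    except PermissionError:
        return True
    return False


def drop_privileges(uid: int, gid: int, chroot_dir: Optional[str] = None) -> None:
    """Irreversibly switch to uid/gid, optionally inside chroot_dir.

    Order matters: chroot() needs CAP_SYS_CHROOT so it goes first; the
    supplementary group list is cleared while we still may; gid is set before
    uid because setuid() is the call that discards the right to setgid().
    """
    if chroot_dir is not None:
        os.chroot(chroot_dir)
        os.chdir("/")                       # never leave cwd outside the new root
    if os.geteuid() == 0:
        os.setgroups([])                    # root's supplementary groups go too
    os.setgid(gid)                          # real, effective and saved gid
    os.setuid(uid)                          # real, effective and saved uid
    if uid != 0 and not privileges_dropped():
        raise RuntimeError("privilege drop was not irreversible")


def run_method(argv: Sequence[str], uid: int, gid: int,
               chroot_dir: Optional[str] = None, capture: bool = True,
               timeout: float = 300) -> subprocess.CompletedProcess:
    """Spawn argv so it runs with reduced privileges from its first instruction.

    preexec_fn runs in the child between fork() and exec(); if any step of the
    drop fails, the child never execs and subprocess raises SubprocessError.
    """
    return subprocess.run(list(argv),
                          preexec_fn=lambda: drop_privileges(uid, gid, chroot_dir),
                          capture_output=capture, text=True,
                          timeout=timeout, check=False)


def sandbox_target() -> tuple:
    """uid/gid to run under: METHOD_USER if it exists, else a fallback.

    Without root we cannot change identity, so the fallback is our own ids,
    which still exercises the same code path and the no-regain check.
    """
    if os.geteuid() != 0:
        return os.getuid(), os.getgid()
    try:
        pw = pwd.getpwnam(METHOD_USER)
        return pw.pw_uid, pw.pw_gid
    except KeyError:
        return NOBODY, NOBODY


# Constructed probe (stands in for a real method): reports the ids the child
# ended up with and whether it can still regain root.
PROBE = ("import os\n"
         "try:\n"
         "    os.setuid(0); regain = 1\n"
         "except PermissionError:\n"
         "    regain = 0\n"
         "print(os.getuid(), os.getgid(), regain)\n")


def probe_child(uid: int, gid: int) -> dict:
    """Run the probe through run_method and parse what the child observed."""
    result = run_method([sys.executable, "-c", PROBE], uid, gid)
    if result.returncode != 0:
        raise RuntimeError(result.stderr)
    u, g, regain = result.stdout.split()
    return {"uid": int(u), "gid": int(g), "can_regain_root": regain == "1"}


if __name__ == "__main__":
    # usage: sandbox.py /usr/lib/apt/ftp [args...]  (path taken from the report)
    uid, gid = sandbox_target()
    print("probe:", probe_child(uid, gid))
    if len(sys.argv) > 1:
        # A real method talks to apt over stdin/stdout, so do not capture them.
        sys.exit(run_method(sys.argv[1:], uid, gid, capture=False).returncode)
```

On Python 3.9 and later `subprocess.run(..., user=, group=, extra_groups=[])` performs the same identity change without a `preexec_fn`, but it cannot chroot; a chroot also needs the method binary and its libraries present inside the new root, which is the practical cost behind the reporter's "perhaps". The cache directory still has to be writable by the method's user, and the signature check the reporter mentions belongs in the parent, after the child has exited.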
Comment 1 Michael Shigorin 2010-10-09 19:06:01 MSD
Seems like requisite example in stock /etc/apt/apt.conf suffices in practice.
Comment 2 Michael Shigorin 2010-10-09 19:09:14 MSD
Ouch, missed the tab! (see #608)
Comment 3 Michael Shigorin 2013-11-10 19:38:29 MSK
apparently wontfix
Comment 4 Ivan Zakharyaschev 2017-07-24 16:50:34 MSK
This is about to be fixed in task #185681