Bug 810 - APT: run download methods with less permissions
Summary: APT: run download methods with less permissions
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: apt
Version: unstable
Hardware: all Linux
Importance: P4 enhancement
Assignee: Ivan Zakharyaschev
QA Contact:
Depends on:
Reported: 2002-04-09 23:38 MSD by imz
Modified: 2020-08-19 14:02 MSK
CC: 9 users

See Also:


Description imz 2002-04-09 23:38:41 MSD
/usr/lib/apt/ftp (and others) doesn't need all the root's permissions and access to the whole filesystem to do its job, only read access to the source (URL, CD-ROM) and write access to the cache.

So running the download methods under a simple special user and (perhaps) in a chrooted environment could be a security improvement.

I'm not sure whether this would be a real important security improvement... But the download stage seems to be the only one when the APT system has to deal with untrusted environment like the Internet; after the download is complete, the signatures of the packages can be checked and a decision made whether to trust them.
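
The two-stage design the report proposes (an unprivileged, untrusted download stage that may only write to the cache, followed by a privileged stage that checks the fetched file before trusting it) can be sketched in a few dozen lines. The following is an added illustration, not code from the bug report or from APT itself: the "source" is a constructed local file standing in for a URL, a SHA-256 digest stands in for the package signature, the unprivileged account is assumed to be `nobody`, and the privilege drop only takes effect when the caller is root (otherwise the child just keeps its already unprivileged identity).

```python
import hashlib
import os
import pwd
import shutil
import tempfile

UNPRIVILEGED_USER = "nobody"  # assumption: account used for the download stage


def make_sample_source(directory):
    """Constructed stand-in for a remote package (no network needed)."""
    path = os.path.join(directory, "pkg.rpm")
    with open(path, "wb") as fh:
        fh.write(b"constructed package payload\n")
    os.chmod(path, 0o644)
    return path


def drop_privileges(user=UNPRIVILEGED_USER):
    """Switch the calling process to an unprivileged uid/gid.
    Returns True if a drop happened, False if we were not root anyway."""
    if os.geteuid() != 0:
        return False
    pw = pwd.getpwnam(user)
    os.setgroups([])
    os.setgid(pw.pw_gid)
    os.setuid(pw.pw_uid)
    return True


def fetch_untrusted(source, dest, user=UNPRIVILEGED_USER):
    """Download stage: fork, drop privileges in the child, copy source to
    the cache path dest. The parent learns only the child's exit status;
    nothing the child does can touch files the unprivileged user cannot."""
    pid = os.fork()
    if pid == 0:  # child: the only process that talks to the untrusted source
        try:
            drop_privileges(user)
            shutil.copyfile(source, dest)
            os._exit(0)
        except Exception:
            os._exit(1)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def fetch_and_verify(source, cache_dir, expected_sha256, user=UNPRIVILEGED_USER):
    """Privileged stage: prepare the cache so the unprivileged child can
    write it, run the download stage, then make the trust decision only
    after the file is fully in the cache."""
    dest = os.path.join(cache_dir, os.path.basename(source))
    if os.geteuid() == 0:
        pw = pwd.getpwnam(user)
        os.chown(cache_dir, pw.pw_uid, pw.pw_gid)
    if not fetch_untrusted(source, dest, user):
        return False
    # The digest check stands in for the package signature check.
    return sha256_of(dest) == expected_sha256


def demo():
    """Run one good and one tampered-expectation fetch; returns (ok, bad)."""
    with tempfile.TemporaryDirectory() as tmp:
        os.chmod(tmp, 0o755)  # let the unprivileged child read the source
        src = make_sample_source(tmp)
        cache = os.path.join(tmp, "cache")
        os.mkdir(cache)
        good = fetch_and_verify(src, cache, sha256_of(src))
        bad = fetch_and_verify(src, cache, "0" * 64)
        return good, bad


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The point of the split is that the process which handles untrusted input holds nothing worth stealing: it has no root identity and can write only into the cache, while the signature (here, digest) check and every later step run in the parent, which never reads from the network at all. A chroot for the child, as the report suggests, would be added in `drop_privileges` before the uid switch.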



Comment 1 Michael Shigorin 2010-10-09 19:06:01 MSD
Seems like requisite example in stock /etc/apt/apt.conf suffices in practice.
Comment 2 Michael Shigorin 2010-10-09 19:09:14 MSD
Ouch, missed the tab! (see #608)
Comment 3 Michael Shigorin 2013-11-10 19:38:29 MSK
apparently wontfix
Comment 4 Ivan Zakharyaschev 2017-07-24 16:50:34 MSK
This is about to be fixed in task #185681