Re: Introducing rlintian ("restricted lintian")

To: debian-lint-maint@lists.debian.org
Subject: Re: Introducing rlintian ("restricted lintian")
From: Jakub Wilk <jwilk@debian.org>
Date: Thu, 1 Aug 2013 13:51:33 +0200
Message-id: <[🔎] 20130801115133.GA5073@jwilk.net>
Mail-followup-to: debian-lint-maint@lists.debian.org
In-reply-to: <517460DF.802@thykier.net>
References: <20130420195249.34EF8201318C8@thykier.net> <5173DD09.2090308@thykier.net> <20130421202953.GA8422@jwilk.net> <517460DF.802@thykier.net>

* Niels Thykier <niels@thykier.net>, 2013-04-21, 23:57:

As far as I can see, aptdaemon runs lintian "as the user who initiatedthe transaction". If the concern is here that said user could causethe transaction to succeed despite local policy saying otherwise, thenrestrictions in Lintian won't help. The user could just ptrace the(r)lintian process make it do whatever he wants.
Seems like prctl + PR_SET_DUMPABLE should do do the trick here (but itwill probably be too late in rlintian).

PR_SET_DUMPABLE wouldn't help. The dumpable flag is automatically setto 0 whenever you change uid or gid, but then exec resets it to 1.

Alternative su to nobody (presuming the package is world readable)should deny a non-privileged user from ptracing lintian.

Switching to nobody (or, better, to a dedicated user), should do thetrick.


--
Jakub Wilk

Reply to:

Prev by Date: Bug#713879: [lintian] Multiarch ?
Next by Date: Bug#718563: lintian: tag service-file-is-not-a-file fails when service is linked to /dev/null
Previous by thread: Bug#713879: [lintian] Multiarch ?
Next by thread: Bug#718563: lintian: tag service-file-is-not-a-file fails when service is linked to /dev/null
Index(es):
- Date
- Thread