
Re: apt-get and The_User



On Sun, Nov 26, 2000 at 07:43:28PM -0900, Ethan Benson wrote:

:another thing about apt-get via sudo is interactive postinst scripts,
:i have not tried this but i suspect you would be able to easily get
:a root shell when an interactive postinst runs.  in fact i'm sure of it,
:all it would take is a `replace modified config file?' question,
:simply choose the [d]iff option which pipes it through less which
:supports shell escapes, bingo, root shell.  

I was a little flippant about security given the tone of the original
post.  I agree fully with the security implications here.

My point is _if_ you can trust the user not to be malicious, sudo is
fine for protecting you from a good deal of fat fingered typing that
simply giving out root leaves you open to.

If you cannot trust the user this far, first get rid of them because
there's probably a local root exploit somewhere on your machine.  If
that's not possible (or if you're simply less trusting than me :)

Build from source and introduce them to 'stow' for package management.

-Jon
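
An added example, not part of the original message or thread: one way to narrow the exposure Ethan describes is to list a wrapper in sudoers instead of apt-get itself, so the user cannot pass options and dpkg never shows the "replace modified config file?" prompt. The wrapper name and path are hypothetical, and this only removes the prompt and pager path; maintainer scripts of the installed packages still run as root.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. /usr/local/sbin/safe-apt-install (assumed name),
# to be granted via sudo in place of apt-get.
LC_ALL=C; export LC_ALL   # make the a-z range below mean ASCII only

# Keep existing config files rather than asking, and answer yes to apt itself.
APT_OPTS="-y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold"

# Accept only plain Debian package names: lowercase letters, digits, '+',
# '.', '-', at least two characters, starting with a letter or digit.
# Rejects options such as -o, paths, shell metacharacters, and a trailing
# '-' (which "apt-get install" treats as a request to remove the package).
valid_pkg() {
    case "$1" in
        ''|-*|*-)        return 1 ;;
        *[!a-z0-9+.-]*)  return 1 ;;
        [a-z0-9]?*)      return 0 ;;
        *)               return 1 ;;
    esac
}

# Succeeds only if at least one name is given and every name is valid.
check_pkgs() {
    [ "$#" -gt 0 ] || { echo "usage: safe-apt-install PACKAGE..." >&2; return 1; }
    for p in "$@"; do
        valid_pkg "$p" || { echo "rejected argument: $p" >&2; return 1; }
    done
}

safe_install() {
    check_pkgs "$@" || return 2
    # No debconf questions, no interactive pager, and no terminal on stdin
    # for a maintainer script to read answers from.
    # $APT_OPTS is deliberately unquoted so it splits into separate options.
    DEBIAN_FRONTEND=noninteractive PAGER=cat \
        apt-get $APT_OPTS install "$@" </dev/null
}

# Run only when invoked with arguments.
if [ "$#" -gt 0 ]; then
    safe_install "$@"
fi
```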


