[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Crazy APT/dpkg suggestion (user-installable packages)



Il mer, 2002-02-06 alle 14:39, Kevin B. McCarty ha scritto:

> It would be useful to many people if regular users could install Debian 
> packages into their home directories, but this would take an immense 
> amount of effort to make practical.  This suggestion might be the next 
> best thing.  Assuming that security issues could be resolved, make apt-get 
> and/or dpkg setuid root so that the following could be implemented:
> 
> * Any user can install a package, except when:
> 	1) it would Conflict: with a package already installed by root
> 	   or by a different user
> 	2) it would make the amount of free space available on any 
> 	   partition less than some absolute size and/or percentage,
> 	   specifiable by root in a conf-file
> 	3) it appears in a list of packages that root specifies may NOT
> 	   be user-installed (/etc/packages.deny)

the user prepares a nice package with a well-chosen name and put inside
a suid shell and install it. wow! root shell gained without any effort!
nice idea... :(

> 	4) it does NOT appear in a list of packages that root specifies
> 	   may be installed (/etc/packages.allow)
 
if root can forsee the packages a user will need, she can install them
now! hd are so cheap nowdays...

[snipped the rest of this *very bad* idea.] 

giving access to dpkg to a user is just like giving it the password to
the root account. why don't you just use sudo?

-- 
Federico Di Gregorio
Debian GNU/Linux Developer & Italian Press Contact        fog@debian.org
INIT.D Developer                                           fog@initd.org
  Qu'est ce que la folie? Juste un sentiment de liberté si
   fort qu'on en oublie ce qui nous rattache au monde... -- J. de Loctra

Attachment: pgpB72GCbY3YC.pgp
Description: PGP signature


Reply to: