Bug#671726: apt: should be able to provide hook information through a named pipe

[Daniel Hartwig <mandyke@gmail.com>]

On 17 March 2013 06:56, Serafeim Zanikolas <sez@debian.org> wrote:
> Hi Francesco,
>
> On Sat, Mar 16, 2013 at 11:25:36PM +0100, Francesco Poli wrote [edited]:
>> On Sat, 16 Mar 2013 12:05:09 +0100 David Kalnischkies wrote:
> [..]
>> > Using a hook-defined fifoname rather than a random fifoname should be
>> > okay as the later isn't more secure than the former (if an attacker has
>> > root rights to write to it we are doomed anyway …)
>>
>> Please excuse my ignorance: isn't a pre-defined fifoname prone to a
>> symlink attack?
>
> It's prone only in a publicly-writable directory, which is not the case for
> /var/run.
>
>> > and in fact creating
>> > a randomly named fifo could be hard in practice …
>>
>> Isn't there anything like mkstemp(3) for named pipes?
>
> I'm not aware of any -- but we can get away without one anyway.

The data can be passed through an open fd, similar to dpkg --status-fd
argument.  Then there are no issues due to filesystems global
namespace and it removes the fs as an unrequired middle-man.

>> > I guess the apt-listbugs patch is just for testing, but I say it non-the-less:
>> > It would be good if at least apt-listbugs/wheezy would support both so we
>> > don't create backport problems that early in the (not even started) wheezy
>> > release cycle. ;)
>>
>> At this point of the wheezy freeze, I cannot introduce any change into
>> apt-listbugs/wheezy, except for those that fix important or RC bugs.

Due to this issue and current work-around for #662983, the
functionality of the package is severly downgraded.  Introducing a new
interface (named pipe or open fd) is desirable for the reasons David
says, and has potential for wheezy especially if backed by the apt
developers.

Regards