Control: severity -1 minor
Control: tags -1 + newcomer
Control: found -1 0.8.16~exp2

On Sat, Aug 15, 2015 at 05:34:20PM +0200, Jakub Wilk wrote:
> Package: apt
> Version: 1.0.10.1
> Tags: security
>
> * David Kalnischkies <david@kalnischkies.de>, 2015-08-14, 10:14:
> >For the record: /usr/lib/apt/solvers/dump is the solver, just pipe in
> >whatever you want and it will be written to /tmp/edsp.dump
>
> That doesn't sound very secure.

Well, given the requirements (runnable as user, pre-known location) combined with the immense userbase of an external solver which fails all the time, that it is a silly shortcut to get the EDSP protocol data and that the only documentation this thing has – its help message – points out that it drops a file into /tmp, I think most people will manage for a while, so mark it newcomer.

I guess it could be patched to require an environment variable to be set to a file location to write to, as our usual option to provide an option isn't available. It's probably going to annoy its only real user in the universe (me) in the long run, but well, for security! ;)

So, let's see who wants to get everlasting fame by fixing a security bug in apt; it's up for grabs and I will even help if asked to.

btw: If it is run as root, it will even drop its privileges to user _apt in the /experimental version, so all the interesting things you could do if someone would run it as root can't even be done, but I guess not everyone is using /experimental…

Best regards

David Kalnischkies
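The fix sketched in the message above is to take the output location from an environment variable instead of always writing to a fixed, pre-known /tmp path. The following is an added illustration, not apt's code: the variable name `APT_EDSP_DUMP_FILE` is an assumption, and when it is unset the file is created with an unpredictable name via mkstemp rather than at a fixed path; an explicit path is opened with O_EXCL|O_NOFOLLOW so an existing file or symlink at that location is refused instead of being overwritten.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical variable name for this example; apt itself has no such option here. */
#define DUMP_ENV "APT_EDSP_DUMP_FILE"

/* Open the dump file for writing.
 * - requested != NULL: create exactly that file, refusing to follow a symlink
 *   or to clobber anything already present (O_EXCL | O_NOFOLLOW).
 * - requested == NULL: create a unique file under $TMPDIR (default /tmp) so
 *   the location is not pre-known to other local users.
 * Returns a descriptor or -1 with errno set; out_path receives the path used. */
int open_dump_file(const char *requested, char *out_path, size_t out_len) {
    if (requested != NULL && *requested != '\0') {
        int fd = open(requested, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
        if (fd < 0) return -1;
        snprintf(out_path, out_len, "%s", requested);
        return fd;
    }
    const char *tmpdir = getenv("TMPDIR");
    if (tmpdir == NULL || *tmpdir == '\0') tmpdir = "/tmp";
    if (snprintf(out_path, out_len, "%s/edsp.dump.XXXXXX", tmpdir) >= (int)out_len) {
        errno = ENAMETOOLONG;
        return -1;
    }
    return mkstemp(out_path); /* O_EXCL semantics, mode 0600 */
}

int main(void) {
    char path[4096];
    int fd = open_dump_file(getenv(DUMP_ENV), path, sizeof path);
    if (fd < 0) { perror("open_dump_file"); return 1; }
    /* A real solver would copy stdin (the EDSP request) here; this demo writes a marker. */
    const char *marker = "EDSP dump placeholder (constructed demo)\n";
    if (write(fd, marker, strlen(marker)) < 0) { perror("write"); close(fd); return 1; }
    close(fd);
    printf("dump written to %s\n", path);
    return 0;
}
```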