On Fri, Nov 20, 2015 at 01:42:34PM +0100, Alexandre Detiste wrote: > Now it works .... then it fails when everything is done (?) Do you mean: > N: Can't drop privileges for downloading as file '/home/tchet/git/game-data-packager/soltys-en-data_1.0+44_all.deb' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) If so 'N:' is in apt-speak a notice, similar to how 'W:' is a warning and 'E:' an error. So all this message is trying to tell you is that this file was "downloaded" without dropping privileges (aka using user _apt), but instead with full privileges (aka using root) as it hadn't had enough permissions to do it 'normally' (= which is the new way as 1.1 introduces _apt to strenghen security.) That is most likely of no real concern to the user hence its only a notice, but in theory at least the attack surface is bigger (local disk you say, but what seems to be local for apt could very well be e.g. in an NFS mountpoint or otherwise moved over a more or less secure channel) and even in your example an evil tchet (you are root at the moment, so who knows how nice that tchet guy is) could do bad things… So, as we automatically disable a security feature here we have to print "something" to indicate this – but if you have a suggestion on how to improve this "something" I am all ears. :) The message is printed as every other one right at the end – which is a bit late, ideally it should be shown before the user is asked to confirm the installation/download, but one bug at the time. ;) Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature