summaryrefslogtreecommitdiff
path: root/apt-pkg
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2016-11-25 15:15:01 +0100
committerDavid Kalnischkies <david@kalnischkies.de>2016-12-16 13:50:00 +0100
commit78db35195eddcd156130fff9ea3e895b30cbf9c3 (patch)
tree93827ea711fae53ed1923ad157cdacaa90c2b45f /apt-pkg
parentf47f4b195b4a4f8e72a6a120ed47a3d0120cd033 (diff)
reword "Can't drop priv" warning message
Note: This is a warning about disabling a security feature. It is supposed to be scary as we are disabling a security feature and we can't just be silent about it! Downloads really shouldn't happen any longer as root to decrease the attack surface – but if a warning causes that much uproar, consider what an error would do… The old WARNING message: | W: Can't drop privileges for downloading as file 'foobar' couldn't be | accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied) is frequently (incorrectly) considered to be an error message indicating that the download didn't happen which isn't the case, it was performed, but without all the security features enabled we could have used if run from some other place… The word "unsandboxed" is chosen as the term 'sandbox(ed)' is a common encounter in feature lists/changelogs and more people are hopefully able to make the connection to 'security' than it is the case for 'privilege dropping' which is more correct, but far less known. Closes: #813786 LP: #1522675
Diffstat (limited to 'apt-pkg')
-rw-r--r--apt-pkg/acquire.cc4
1 files changed, 2 insertions, 2 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index 9ceb507f6..ac925e72e 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -622,7 +622,7 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
// if destination file is inaccessible all hope is lost for privilege dropping
if (IsAccessibleBySandboxUser((*I)->DestFile, true) == false)
{
- _error->WarningE("pkgAcquire::Run", _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
+ _error->WarningE("pkgAcquire::Run", _("Download is performed unsandboxed as root as file '%s' couldn't be accessed by user '%s'."),
(*I)->DestFile.c_str(), SandboxUser.c_str());
_config->Set("APT::Sandbox::User", "");
break;
@@ -639,7 +639,7 @@ static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
if (IsAccessibleBySandboxUser(source.Path, false) == false)
{
- _error->NoticeE("pkgAcquire::Run", _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
+ _error->NoticeE("pkgAcquire::Run", _("Download is performed unsandboxed as root as file '%s' couldn't be accessed by user '%s'."),
source.Path.c_str(), SandboxUser.c_str());
_config->CndSet("Binary::file::APT::Sandbox::User", "root");
_config->CndSet("Binary::copy::APT::Sandbox::User", "root");