diff options
author | David Kalnischkies <david@kalnischkies.de> | 2014-10-06 14:29:53 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2014-10-07 01:59:49 +0200 |
commit | 5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch) | |
tree | 254ce22743ac9c457268bacba6a8e504bd5174cb /test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted | |
parent | 04a54261afd1c99686109f102afc83346c01c930 (diff) |
use _apt:root only for partial directories
Using a different user for calling methods is intended to protect us
from methods running amok (via remotely exploited bugs) by limiting what
can be done by them. By using root:root for the final directories and
just have the files in partial writeable by the methods we enhance this
in sofar as a method can't modify already verified data in its parent
directory anymore.
As a side effect, this also clears most of the problems you could have
if the final directories are shared without user-sharing or if these
directories disappear as they are now again root owned and only the
partial directories contain _apt owned files (usually none if apt isn't
running) and the directory itself is autocreated with the right
permissions.
Diffstat (limited to 'test/integration/test-bug-617690-allow-unauthenticated-makes-all-untrusted')
0 files changed, 0 insertions, 0 deletions