summaryrefslogtreecommitdiff
path: root/test/integration/test-cve-2013-1051-InRelease-parsing
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-10-06 14:29:53 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2014-10-07 01:59:49 +0200
commit5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 (patch)
tree254ce22743ac9c457268bacba6a8e504bd5174cb /test/integration/test-cve-2013-1051-InRelease-parsing
parent04a54261afd1c99686109f102afc83346c01c930 (diff)
use _apt:root only for partial directories
Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions.
Diffstat (limited to 'test/integration/test-cve-2013-1051-InRelease-parsing')
0 files changed, 0 insertions, 0 deletions