summaryrefslogtreecommitdiff
path: root/test/integration/test-security-no-remote-status
diff options
context:
space:
mode:
authorJulian Andres Klode <jak@debian.org>2015-08-21 18:00:37 +0200
committerJulian Andres Klode <jak@debian.org>2015-08-27 19:50:20 +0200
commit138e0ff0f39db21178515ebad4750088c281fcb1 (patch)
tree0d38113bc5a4cb5cc7f443ac25f64030838df1f4 /test/integration/test-security-no-remote-status
parentda7cdbecff3128fb725b7fdef917d7df4a7dfaac (diff)
Do not parse Status fields from remote sources
This could allow an attacker to mark a package as installed in a remote package index, as long as the package was not listed in the dpkg status file. This way, an attacker could force the installation of a package during a dist-upgrade, by providing two packages in an index, an older marked as installed, and a newer - apt would "upgrade" to the newer version.
Diffstat (limited to 'test/integration/test-security-no-remote-status')
-rwxr-xr-xtest/integration/test-security-no-remote-status30
1 files changed, 30 insertions, 0 deletions
diff --git a/test/integration/test-security-no-remote-status b/test/integration/test-security-no-remote-status
new file mode 100755
index 000000000..b7cd0b0d1
--- /dev/null
+++ b/test/integration/test-security-no-remote-status
@@ -0,0 +1,30 @@
+#!/bin/sh
+#
+# Test that packages from remote sources cannot set the Status field.
+#
+set -e
+
+TESTDIR=$(readlink -f $(dirname $0))
+. $TESTDIR/framework
+setupenvironment
+configarchitecture 'amd64'
+
+TMPDIR=$(readlink -f .)
+
+insertpackage 'unstable' 'pretends-installed' 'all' '1' 'Status: install ok installed'
+insertinstalledpackage 'really-installed' 'all' '1'
+setupaptarchive
+
+testequal "pretends-installed:
+ Installed: (none)
+ Candidate: 1
+ Version table:
+ 1 0
+ 500 file:${TMPDIR}/aptarchive/ unstable/main amd64 Packages" aptcache policy pretends-installed
+
+testequal "really-installed:
+ Installed: 1
+ Candidate: 1
+ Version table:
+ *** 1 0
+ 100 ${TMPDIR}/rootdir/var/lib/dpkg/status" aptcache policy really-installed