diff options
author | Julian Andres Klode <jak@debian.org> | 2015-08-21 18:00:37 +0200 |
---|---|---|
committer | Julian Andres Klode <jak@debian.org> | 2015-08-27 19:50:20 +0200 |
commit | 138e0ff0f39db21178515ebad4750088c281fcb1 (patch) | |
tree | 0d38113bc5a4cb5cc7f443ac25f64030838df1f4 /test/integration | |
parent | da7cdbecff3128fb725b7fdef917d7df4a7dfaac (diff) |
Do not parse Status fields from remote sources
This could allow an attacker to mark a package as installed in a
remote package index, as long as the package was not listed in
the dpkg status file.
This way, an attacker could force the installation of a package
during a dist-upgrade, by providing two packages in an index,
an older marked as installed, and a newer - apt would "upgrade"
to the newer version.
Diffstat (limited to 'test/integration')
-rwxr-xr-x | test/integration/test-security-no-remote-status | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/test/integration/test-security-no-remote-status b/test/integration/test-security-no-remote-status new file mode 100755 index 000000000..b7cd0b0d1 --- /dev/null +++ b/test/integration/test-security-no-remote-status @@ -0,0 +1,30 @@ +#!/bin/sh +# +# Test that packages from remote sources cannot set the Status field. +# +set -e + +TESTDIR=$(readlink -f $(dirname $0)) +. $TESTDIR/framework +setupenvironment +configarchitecture 'amd64' + +TMPDIR=$(readlink -f .) + +insertpackage 'unstable' 'pretends-installed' 'all' '1' 'Status: install ok installed' +insertinstalledpackage 'really-installed' 'all' '1' +setupaptarchive + +testequal "pretends-installed: + Installed: (none) + Candidate: 1 + Version table: + 1 0 + 500 file:${TMPDIR}/aptarchive/ unstable/main amd64 Packages" aptcache policy pretends-installed + +testequal "really-installed: + Installed: 1 + Candidate: 1 + Version table: + *** 1 0 + 100 ${TMPDIR}/rootdir/var/lib/dpkg/status" aptcache policy really-installed |