From 5684f71fa0f6c1b765aa53e22ca3b024c578b9c9 Mon Sep 17 00:00:00 2001 From: David Kalnischkies Date: Mon, 6 Oct 2014 14:29:53 +0200 Subject: use _apt:root only for partial directories Using a different user for calling methods is intended to protect us from methods running amok (via remotely exploited bugs) by limiting what can be done by them. By using root:root for the final directories and just have the files in partial writeable by the methods we enhance this in sofar as a method can't modify already verified data in its parent directory anymore. As a side effect, this also clears most of the problems you could have if the final directories are shared without user-sharing or if these directories disappear as they are now again root owned and only the partial directories contain _apt owned files (usually none if apt isn't running) and the directory itself is autocreated with the right permissions. --- debian/apt.postinst | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'debian/apt.postinst') diff --git a/debian/apt.postinst b/debian/apt.postinst index 01f78a1dd..b8f3edbe5 100755 --- a/debian/apt.postinst +++ b/debian/apt.postinst @@ -35,12 +35,15 @@ case "$1" in fi fi - # add unprivileged user for the apt methods - adduser --force-badname --system -home /var/empty \ - --no-create-home --quiet _apt || true - chown -R _apt:root \ - /var/lib/apt/lists \ - /var/cache/apt/archives + # add unprivileged user for the apt methods + adduser --force-badname --system -home /var/empty \ + --no-create-home --quiet _apt || true + + # deal with upgrades from experimental + if dpkg --compare-versions "$2" 'eq' '1.1~exp3'; then + # libapt will setup partial/ at runtime + chown -R root:root /var/lib/apt/lists /var/cache/apt/archives || true + fi # ensure tighter permissons on the logs, see LP: #975199 if dpkg --compare-versions "$2" lt-nl 0.9.7.7; then -- cgit v1.2.3