Re: Reducing the attack surface caused by Berkeley DB...
- Date: Sat, 27 Jan 2018 23:39:39 +0100
- From: Lionel Debroux <lionel_debroux@xxxxxxxx>
- Subject: Re: Reducing the attack surface caused by Berkeley DB...
On 1/27/18 1:12 PM, David Kalnischkies wrote:
> On Fri, Jan 26, 2018 at 11:49:41PM +0100, Lionel Debroux wrote:
> > > Anyway, the only util in apt-utils making use of libdb is
> > > apt-ftparchive which a) isn't used much in Debian – but by some
> > > derivatives¹ and b) can operate without the backing of a db, but
> > > you don't want to run a large archive without it.
> > Could that program conceivably be split to another package ?
> Not really. apt-utils includes three tools: apt-extracttemplates,
> apt-ftparchive and apt-sortpkgs. The later two should be together and
> the first one shouldn't even exist… it exists only temporary as
> a stopgap as long as there is no dpkg tool (which would be the more
> natural place for extracting files from a deb file) for this task.
> In other words: We realized only later that its existence is
> permanent, like with all good temporary solutions.
Aha. And the page you mention shows that moving to dpkg the
functionality of apt-extracttemplates, which IIUC contributes more to
the popularity of apt-utils than the two other tools in that package,
has nontrivial work dependencies.
> Splitting packages now means that the split will reach effect at most
> in bullseye… (buster needs at least a recommends for upgraders, likely
> depends as there are tools like local-apt-repository depending on
> apt-utils to get apt-ftparchive) that might be a bit too far off for
> your case, especially as we haven't really gained anything by it. We
> just (literally) moved the problem.
Indeed, that would be literally moving the problem, though it might make
sense if it makes it easier to reach the main goals later.
But in this case, AIUI, adding support for another database backend with
suitable reliability, performance and security characteristics to
apt-ftparchive, which you hinted at earlier, would cause less disruption
than my possibly naive idea of splitting packages, wouldn't it ?
>  https://wiki.debian.org/Teams/Dpkg/RoadMap