Re: Limiting the power of packages
- Date: Thu, 4 Oct 2018 08:38:09 +0800
- From: Paul Wise <pabs@xxxxxxxxxx>
- Subject: Re: Limiting the power of packages
On Thu, Oct 4, 2018 at 1:19 AM Lars Wirzenius wrote:
> The problem: when a .deb package is installed, upgraded, or removed,
> the maintainer scripts are run as root and can thus do anything.
anarcat wrote this related wiki page that covers this general topic:
The maintainer scripts are just the first problem that comes up when
installing untrusted packages.
There are myriad ways a package could install files that allow it to
get root. setuid binaries, cron jobs, systemd units, apt keyring
information, sudoers files and so on. The amount of stuff that can
lead to root completely depends on the packages one already has
installed. Then there are myriad other things that don't allow root
that untrusted applications should not get hold of (like your private
diary, some keys or passwords etc).
To fully solve the problem you need a whitelist based approach that
ends up something completely different like Flatpak.
It might become possible to convert .debs to Flatpak using something
like the ArchLinux approach for this and a future version of
mmdebstrap that might allow installing sub-essential.