Re: Limiting the power of packages

On Wed, Oct 03, 2018 at 11:30:40PM -0400, Antoine Beaupré wrote:
> Yet I still think we should start fixing those problems.
>
> Yes, there are a billion things that could go wrong in the current
> approach, but if we had *some* safety net, controlled in the
> sources.list file, we could at least restrict what third-party packages
> would do.

Not just third-party packages: this isolation feature could limit the
damage that could occur from buggy maintainer scripts in Debian's own
scripts too.

> For example, there's no reason why a package like Chromium should be
> able to run stuff as root.

What about running Chromium as root? Certainly not recommended, but what
are the user's expectations if they try it anyway?

I don't know whether it's still true but at some point in the past
Chromium's sandbox feature required part of it to be suid root in order
to isolate itself.

> Yes well, we *could* consider rewriting Debian to be based on

Appimage does not provide the isolation features we are discussing here.
