Re: Limiting the power of packages
- Date: Sun, 7 Oct 2018 22:20:45 +0300
- From: Adrian Bunk <bunk@xxxxxxxxxx>
- Subject: Re: Limiting the power of packages
On Wed, Oct 03, 2018 at 08:19:17PM +0300, Lars Wirzenius wrote:
> A suggestion: we restrict where packages can install files and what
> maintainer scripts can do. The default should be as safe as we can
> make it, and packages that need to do things not allowed by the
> default should declare they that they intend to do that.
The most common real world problem is actually a popular 3rd party
repository that provides slightly modified versions of several libraries
in Debian, and their version has an epoch added.
There are plenty of incoming bugs in Debian where a still installed
"ancient but with epoch" version of such a library is the cause.
We cannot realistically make installing random 3rd parties safe, the
only proper handling is that we continue to consider this unsupported
And for malicious packages the user would anyways still run into
a variant of https://xkcd.com/1200/ since the user will surely
want to run the installed software.
For leaf software like Skype or Chrome, approaches like flatpak where
software can be installed by non-root users and then runs confined
have a more realistic chance of being able to becoming a good solution.
"Is there not promise of rain?" Ling Tan asked suddenly out
of the darkness. There had been need of rain for many days.
"Only a promise," Lao Er said.
Pearl S. Buck - Dragon Seed