[Bug 1035207] Re: passwordless install of webapps (based on repo whitelist)

Marc Deslauriers marc.deslauriers at canonical.com
Tue Aug 14 16:33:08 UTC 2012 

There are two requests in this bug, the first being to add whitelist
functionality to aptdaemon, and the second is to add a webapps
repository to that whitelist. I will address them separately.

Aptdaemon:

I believe adding the whitelist functionality to aptdaemon is reasonable.
This would also permit enterprise environments to allow their users to
install a pre-approved subset of  optional packages. Perhaps two
whitelists and policykit rights should be added, one for users in the
admin group, and a second for regular users who are logged into the
console.

Webapps repo whitelist:

We would tolerate being able to install webapp packages without a
password with the following caveats:

1- Installing without a password is limited to users in the "admin" group. 
2- The repository whitelist for aptdaemon is shipped in a separate "webapps"-named package, and not part of the aptdaemon package. 
3- Up-to-date documentation for the exact steps required for auditing the security of contributed webapp scripts. This needs to be written by someone familiar with the intricacies of how the scripts are integrated in the browser security model and how the webapps functionality was implemented.
4- An webapp script security scanning tool that can detect basic security flaws, and can be updated with new flaws as they are discovered. 
5- A policy in place to systematically audit new webapp scripts and improvements to existing webapp scripts using the documentation and the scanning tool before they are accepted into the repository. 
6- Tracking of a "sign-off" procedure to determine when the security auditing of contributed scripts was performed, by who, and with what revision of the auditing documentation and script. 

The security team also reserves the right to remove the password
exception at its discretion in the case where webapp scripts are used to
facilitate malware attacks.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1035207

Title:
  passwordless install of webapps (based on repo whitelist)

Status in “aptdaemon” package in Ubuntu:
  Triaged

Bug description:
  For the unity-webapps work the webapps team would like to install packages that only contain unity-webapps
  passwordless for a better user experience. They are regular packages but of a very simple form, essentially
  just a javascript file and a icon and no maintainer scripts.

  My proposal would be to add a new class of policykit action "org.debian.apt.install-package-whitelisted" that
  we can override the permissons via /var/lib/polkit-1/localauthority/10-vendor.d/com.ubuntu.desktop.pkla (policykit-desktop-privileges) similar to what we did with "org.debian.apt.upgrade-packages".

  The whitelist of the repository would be based on "Origin,Components" and packagename regexp. So something like:
  (LP-PPA-app-review-board, main, ^unity-webapps-.*") for the webapps case.

  Does that looks like a good approach to you?

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1035207/+subscriptions

More information about the foundations-bugs mailing list