[Bug 756317] Re: Captive portals may corrupt apt package lists
Morten Welinder
terra at gnome.org
Fri Mar 21 12:48:50 UTC 2014
> "patch"
That would certainly be useful.
But seriously, complaining over semi-broken captive portals? You need a
vacation.
Fixing an unknown number, but probably hundreds of thousands, broken routers
mostly operated by non-tech-savvy people is not going to happen in a timely manner.
They will get replaced when they fail and the replacements will have a new set of
bugs.
So where do we stand?
1. APT cannot recover from receiving broken files. This is *not* just the result of
captive portals. Truncated files -- even zero-length files -- seem to cause it
trouble too.
2. Anyone with a router can stop a user from getting security updates from then on.
Just hand out an IP address and serve a broken file. Yes, that really is a security
issue.
*You* need to stop blaming the messengers. The problem here is cutting corners in
the design: putting that amount of trust on the network is not "best practices" and
hasn't been for 3-4 decades.
I probably shouldn't write all this without being constructive myself,
so here goes:
Item 1 seems to be fixable with a basic syntax check on the file. If the check fails,
toss the file and life goes on.
Item 2 is much trickier. A full fix probably requires signatures or strong checksums, i.e.,
it cannot happen in APT alone, but APT could certainly issue a "HEAD" request and
verify basic things like file length.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/756317
Title:
Captive portals may corrupt apt package lists
Status in “apt” package in Ubuntu:
Confirmed
Status in “apt” package in Debian:
New
Bug description:
I have an adsl modem which returns an html page if the adsl link is
broken. This page ends as the content of the apt cache files stored in
/var/lib/apt/lists, which breaks apt.
The only way to make apt work again is to delete all the files stored
in /var/lib/apt/lists.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apt/+bug/756317/+subscriptions
More information about the foundations-bugs
mailing list