[Bug 1522675] Re: Warning messages about unsandboxed downloads
Julian Andres Klode
julian.klode at gmail.com
Sun Jan 8 20:09:31 UTC 2017
Steve: Yes, the sandbox user exists to protect people from bugs in our
HTTP protocol handler, SSL libraries, compressors, etc.

Now, why do we have to write a line about that (I'd not call that
noisy): First of all, we want scripts/programs using apt to also use
sandboxed downloading. Without a warning, they would not know about it.
Optimally, they'd download files to a temporary name, verify checksums,
and only then rename to the final location.

Second: It also protects against permission issues elsewhere.

I hope that we can one day create the files as the normal user, and
simply pass an open file descriptor to the workers; that would get rid
of permission issues entirely. But that's not very likely to happen in a
reasonable future, as sending file descriptors only works via Unix
sockets and some other fancy stuff we don't use for worker
communication.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to apt in Ubuntu.
https://bugs.launchpad.net/bugs/1522675
Title:
  Warning messages about unsandboxed downloads

Status in apt package in Ubuntu:
  Fix Released
Status in update-notifier package in Ubuntu:
  Confirmed
Status in apt package in Debian:
  Fix Released
Status in synaptic package in Debian:
  New

Bug description:
Recently we got new versions for synaptic 0.82+build1 & apt 1.1.3, but
now get that error when installing/upgrading some packages:
Setting up libc6-dbg:amd64 (2.21-0ubuntu5) ...
Processing triggers for libc-bin (2.21-0ubuntu5) ...
W: Can't drop privileges for downloading as file '/root/.synaptic/tmp//tmp_cl' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)
From nautilus, I'm seeing a /root/ folder locked (x on its icon) and
the folder is empty (no /.synaptic/ sub-folder or file), so the above
error.
oem@u64:~$ ls -l .synaptic
total 4
-rw-rw-r-- 1 oem oem 0 Aug 25 11:19 options
-rw-rw-r-- 1 oem oem 236 Aug 25 11:19 synaptic.conf
oem@u64:~$ ls -l /var/lib/apt/lists/
....
-rw-r----- 1 root root 0 Sep 20 06:36 lock
drwx------ 2 _apt root 16384 Sep 24 15:25 partial
......
oem@u64:~$ sudo ls -l /var/lib/update-notifier/package-data-downloads/
.....
drwxr-xr-x 2 _apt root 4096 Sep 22 23:33 partial
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: synaptic 0.82+build1
ProcVersionSignature: Ubuntu 4.3.0-1.10-generic 4.3.0
Uname: Linux 4.3.0-1-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.19.2-0ubuntu8
Architecture: amd64
CurrentDesktop: GNOME
Date: Fri Dec 4 05:23:25 2015
SourcePackage: synaptic
UpgradeStatus: No upgrade log present (probably fresh install)
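
An added example, not part of the original message and not apt's own code: a diagnostic that walks a download path from / downwards and lists every component that would stop the sandbox user from reaching the file, which is the condition behind the warning in the bug description. The function names `class_bits` and `blockers` are hypothetical, and the check assumes an unprivileged user and classic owner/group/other mode bits only (no ACLs, capabilities, AppArmor or SELinux).

```python
import os
import pwd
import stat
import sys

def class_bits(st, uid, gids):
    """rwx bits (0-7) that the classic owner/group/other check applies to uid."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def blockers(path, uid, gids):
    """Return [(component, reason)] for everything stopping uid from using path.

    Assumptions: uid is unprivileged, and only mode bits count (no ACLs,
    capabilities, AppArmor or SELinux).
    """
    chain = [os.path.realpath(path)]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    found = []
    for component in reversed(chain):  # walk from / down to the file
        try:
            st = os.stat(component)
        except OSError as exc:
            # Missing component, or the caller itself cannot look further.
            found.append((component, exc.strerror))
            break
        bits = class_bits(st, uid, gids)
        if stat.S_ISDIR(st.st_mode):
            if not bits & 1:
                found.append((component, "directory not searchable (no x)"))
        elif bits & 6 != 6:
            found.append((component, "file not readable and writable"))
    return found

if __name__ == "__main__":
    # Default: the path from the warning quoted in the bug description.
    target = sys.argv[1] if len(sys.argv) > 1 else "/root/.synaptic/tmp//tmp_cl"
    try:
        user = pwd.getpwnam("_apt")
    except KeyError:
        sys.exit("no _apt user on this system")
    groups = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for component, reason in blockers(target, user.pw_uid, groups):
        print(f"{component}: {reason}")
```

Run it as root so that every component can be inspected; an empty result means the mode bits alone do not block the `_apt` user.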