Looking at Package Management for Karmic or Karmic+1

Matt Wheeler m at funkyhat.org
Sat Apr 4 03:11:32 UTC 2009


2009/4/4 Remco <remco47 at gmail.com>:
> That's a different idea though. My idea is that having to provide a
> password is an unnecessary hurdle to people. Why must a password be
> provided to start the update process? A policy could be made to allow
> the update manager to do its thing without passwords.

Unless I'm mistaken, update-manager would have to be rock-solid
security-wise in that case. By its nature it needs write access to
every file (at least every file outside of /home), and the ability to stop
and start running processes in order to work properly (so setuid root,
right?).

I think if it were practical that would be a good move; as long as all
archives are signed I don't think much can go wrong on that side of
it, but can we trust update-manager not to break and give someone
privileges they shouldn't have? I don't know, maybe we can, I just
think it's worth being very careful about it.

-- 
Matt Wheeler
m at funkyHat.org




More information about the Ubuntu-devel-discuss mailing list