Looking at Package Management for Karmic or Karmic+1

Matt Wheeler m at funkyhat.org
Sun Apr 5 19:19:24 UTC 2009


2009/4/5 John McCabe-Dansted <gmatht at gmail.com>:
> Adding something like
>   %sudo ALL=NOPASSWD: aptitude update
> to the sudoers gives almost the right rights. If there is no user
> input into aptitude, then this does not add any new such security
> holes.

/usr/bin/aptitude would be safer, but yes.

> However, Update-manager allows the user to unselect updates. So to
> allow non-root users to do a selective upgrade, we'd have to pass in
> the packages to update, running a risk that these package names are
> malicious and cause Update-manager to do something bad. I imagine this
> risk could be made quite small

What I'm talking about is unknown security holes, which unfortunately lots of apps seem to have. Is the risk of any being present sufficiently small?
Does using sudo rather than the suid bit have any advantages security-wise (apart from the obvious limits on which users can run the program)?

> Still, an overnight auto-update seems like a sensible default for
> novice users who don't need or want to know what an update is. This is
> what I set my computer to when I am overseas and leave my computer on
> for family to use.

I agree, I think automatic updates are a good idea in general.
Perhaps there are ways of getting around the issues people have mentioned with updates stopping current processes from working properly? I don't know, but it seems like that would mean changes to the way dpkg works (or at least some clever scheduling by apt(itude)).


-- 
Matt Wheeler
m at funkyHat.org
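
The thread's concern about user-supplied package names reaching a privileged updater, as an added example that is not part of the original message: the privileged side accepts a name only if it is well-formed under the Debian Policy package-name rule and is also in the set of pending upgrades it computed itself. The helper path and function names are hypothetical, and the sample inputs are constructed.

```python
import re

# Debian Policy package-name rule: lowercase letters, digits, '+', '-', '.';
# at least two characters; first character alphanumeric (so never a leading '-').
PACKAGE_NAME = re.compile(r"[a-z0-9][a-z0-9+.\-]+")

# Hypothetical privileged helper path (an assumption, not from the thread).
HELPER = "/usr/lib/example/selective-upgrade"


class RejectedRequest(ValueError):
    """Raised when any requested name fails validation; nothing is run."""


def validate_selection(requested, upgradable):
    """Return the sorted, de-duplicated selection, or raise RejectedRequest.

    requested  -- package names supplied by the unprivileged user
    upgradable -- names the privileged side computed itself
    """
    allowed = set(upgradable)
    selection = set()
    for name in requested:
        # fullmatch() rejects trailing newlines, spaces and shell metacharacters.
        if not isinstance(name, str) or not PACKAGE_NAME.fullmatch(name):
            raise RejectedRequest("malformed package name: %r" % (name,))
        # Well-formed is not enough: it must be an upgrade already on offer.
        if name not in allowed:
            raise RejectedRequest("not a pending upgrade: %r" % (name,))
        selection.add(name)
    if not selection:
        raise RejectedRequest("empty selection")
    return sorted(selection)


def build_argv(requested, upgradable):
    """Argument vector for the helper; meant for exec, never a shell string."""
    return [HELPER] + validate_selection(requested, upgradable)


if __name__ == "__main__":
    pending = ["libc6", "openssl", "g++-4.3"]  # constructed sample
    print(build_argv(["openssl", "libc6"], pending))
    for bad in (["--some-option"], ["openssl; reboot"], ["bash"]):
        try:
            build_argv(bad, pending)
        except RejectedRequest as exc:
            print("rejected:", exc)
```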
