[Bug 1882098] Re: Packagekit lets user install untrusted local packages in Bionic and Focal
Seth Arnold
1882098 at bugs.launchpad.net
Sat Jun 13 01:44:30 UTC 2020
Hello Sami, Esko,
I'm not very familiar with the packagekit or policykit frameworks, so
please forgive me if I'm far off course here with these thoughts:
- Is the [tld.univ.packagekit-deny] rule necessary? I'd hope that this
permission wouldn't be granted to anyone but admins.
- Are there other rules in other files that might have granted this
permission?
- Does it matter if the test users are in no groups? just their own
username-group? adm? sudo?
- Does polkit or packagekit have a way to see which rules allow or deny
any given request?
Thanks
--
You received this bug notification because you are a member of
PackageKit-Team, which is subscribed to packagekit in Ubuntu.
https://bugs.launchpad.net/bugs/1882098
Title:
Packagekit lets user install untrusted local packages in Bionic and
Focal
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098/+subscriptions
More information about the Ubuntu-reviews
mailing list