[packagekit] Security issue with user defined proxies
Richard Hughes
hughsient at gmail.com
Mon Nov 16 09:27:34 PST 2009
2009/11/16 Sebastian Heinlein <glatzor at ubuntu.com>:
> Currently we allow the user to set the proxy of a transaction.
> Furthermore there isn't any separate privilege for setting the proxy.
org.freedesktop.packagekit.system-network-proxy-configure?
> For apt it is possible to set a password for a repository, which can
> be hidden to the normal user by only allowing root to read the config
> file. By allowing the user to set the proxy the password gets sent to
> the user's proxy. Which is a security issue.
I'm not sure I follow. The password is a http proxy password -- surely
you could sniff this (as a user) as it goes out on the wire. Could you
explain how you think this is a security issue in painstaking detail
please.
> Are there any other backends which support passwords?
They all should, especially the spawned backends.
> Possible approaches:
> - Add a separate privilege for setting the proxy
See above.
> - Add a global option to disable setting the proxy by the user
If you set ProxyHTTP in PackageKit.conf then the users proxy won't be used.
> - Ignoring proxies in the backend if the repository uses a password
I'm not sure why ignoring proxies is a good idea.
Thanks,
Richard.
More information about the PackageKit
mailing list