[packagekit] Security issue with user defined proxies
Sebastian Heinlein
glatzor at ubuntu.com
Mon Nov 16 10:49:59 PST 2009
On Mon, Nov 16, 2009 at 05:27:34PM +0000, Richard Hughes wrote:
> 2009/11/16 Sebastian Heinlein <glatzor at ubuntu.com>:
>
> > For apt it is possible to set a password for a repository, which can
> > be hidden to the normal user by only allowing root to read the config
> > file. By allowing the user to set the proxy the password gets sent to
> > the user's proxy. Which is a security issue.
>
> I'm not sure I follow. The password is a http proxy password -- surely
> you could sniff this (as a user) as it goes out on the wire. Could you
> explain how you think this is a security issue in painstaking detail
> please.
The problem are passwords for the repositories and not the ones
required for the proxy access. E.g. a repository served by apache
which requires a simple user/password authentication to access:
http://USER:SECRET@repository/
If the user configures a proxy, the complete URL including the
password will be sent to the proxy server.
The normal user is not allowed to sniff packages send by root.
> > Possible approaches:
> > - Add a separate privilege for setting the proxy
>
> See above.
Sorry, this was a very quick shot from mine.
> > - Ignoring proxies in the backend if the repository uses a password
>
> I'm not sure why ignoring proxies is a good idea.
Just one of the possible ideas. Perhaps not the one to go.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/packagekit/attachments/20091116/63124ec8/attachment-0004.pgp>
More information about the PackageKit
mailing list