[packagekit] Security issue with user defined proxies
glatzor at ubuntu.com
Mon Nov 16 10:49:59 PST 2009
On Mon, Nov 16, 2009 at 05:27:34PM +0000, Richard Hughes wrote:
> 2009/11/16 Sebastian Heinlein <glatzor at ubuntu.com>:
> > For apt it is possible to set a password for a repository, which can
> > be hidden from the normal user by only allowing root to read the config
> > file. By allowing the user to set the proxy the password gets sent to
> > the user's proxy. Which is a security issue.
> I'm not sure I follow. The password is a http proxy password -- surely
> you could sniff this (as a user) as it goes out on the wire. Could you
> explain how you think this is a security issue in painstaking detail?
The problem is the passwords for the repositories and not the ones
required for the proxy access. E.g. a repository served by Apache
which requires a simple user/password authentication to access:
If the user configures a proxy, the complete URL including the
password will be sent to the proxy server.
The normal user is not allowed to sniff packages sent by root.
> > Possible approaches:
> > - Add a separate privilege for setting the proxy
> See above.
Sorry, this was a very quick shot of mine.
> > - Ignoring proxies in the backend if the repository uses a password
> I'm not sure why ignoring proxies is a good idea.
Just one of the possible ideas. Perhaps not the one to go.
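The second approach listed in the thread (ignoring a user-set proxy when a repository uses a password), sketched as an added example; it is not PackageKit or apt backend code. The function names, the `proxy_set_by_root` flag, the sample sources.list lines and the proxy URL are all assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample sources.list content; hosts and credentials are made up.
SAMPLE_SOURCES = """\
# public mirror
deb http://archive.example.org/ubuntu karmic main universe
deb http://builder:s3cret@repo.internal.example/apt karmic main
deb-src [arch=amd64] https://user@repo2.internal.example/apt karmic main
"""

def repo_uris(sources_text):
    """Yield the URI of every deb/deb-src line, skipping comments."""
    for line in sources_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields or fields[0] not in ("deb", "deb-src"):
            continue
        # The URI is the first field with a scheme; this skips "[options]".
        uri = next((f for f in fields[1:] if "://" in f), None)
        if uri:
            yield uri

def has_credentials(uri):
    """True if the URI carries a user name or password in its authority part."""
    parts = urlsplit(uri)
    return parts.username is not None or parts.password is not None

def redact(uri):
    """Return the URI without userinfo, safe to log or show to the user."""
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return parts._replace(netloc=host).geturl()

def proxy_for(uri, user_proxy, proxy_set_by_root=False):
    """Pick the proxy for one repository; None means connect directly.

    A proxy chosen by an unprivileged user is never given a request for a
    repository whose credentials only root may read.
    """
    if user_proxy and has_credentials(uri) and not proxy_set_by_root:
        return None
    return user_proxy

def plan(sources_text, user_proxy):
    """List (redacted URI, proxy or None) for every repository."""
    return [(redact(u), proxy_for(u, user_proxy)) for u in repo_uris(sources_text)]
```

A direct connection can fail on networks where the proxy is the only route out, which is the cost of this approach raised in the thread.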