[Bug 1599981] [NEW] aptdaemon debconf-communicate should be running as root

Mathieu Trudel-Lapierre mathieu.tl at gmail.com
Thu Jul 7 19:56:49 UTC 2016


Public bug reported:

aptdaemon runs as the session user. It needs to spawn
debconf-communicate to interact with the user when packages have debconf
questions, which often needs to be done as root (or otherwise have
sufficient privileges) since packages may want to prompt for passwords,
which use a different, more secure debconf database than the main config
one.

aptdaemon probably should be spawning debconf-communicate as root, at
the cost of prompting the user for a password when debconf access is
necessary.

This became readily apparent with
https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1599051;
updating to a new shim which requires inputting a Secure Boot password
to disable shim validation would consistently fail due to being unable
to access password.dat (you would see errors on the command line when
update-manager is started in a terminal).

** Affects: aptdaemon (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to aptdaemon in Ubuntu.
https://bugs.launchpad.net/bugs/1599981
