Jonathan Kamens <j...@kamens.us> writes:

> apt-listchanges no longer calls less by default, it calls
> sensible-pager. It feels to me like perhaps setting LESSSECURE should
> be sensible-pager's job if anybody is going to do it, not
> apt-listchanges's job. What do you think?

I'm not sure how sensible-pager could do this job, since it doesn't know
whether it is being invoked in a circumstance where secure mode should be
enabled.  That information is not part of its API, and enabling secure
mode whenever it is invoked seems obviously incorrect.

I assume the problem that the original bug reporter is trying to solve is
that they want to grant sudo access to run apt upgrade, but that is
equivalent to granting full root shell access because of:

    apt -> apt-listchanges -> less -> !command

I think this is one of those awkward cases where there is no great place
to put this configuration, because none of those components have enough
information to know that it is appropriate.  But I think the original bug
report is correct that none of the features LESSSECURE disables are likely
useful in the apt-listchanges context.

The two places where it would make sense to set this to me are in the sudo
configuration using env_file or the like, or setting it in apt-listchanges
since apt-listchanges at least knows what it is invoking the pager to do
and can make an educated guess at what UI options the user is likely to
want.  I think the other pieces in the chain have even less information
and are even less suited to making this decision.  Of those two options,
having apt-listchanges do it would be less obscure (it's not immediately
obvious that apt could run less), although possibly surprising.

-- 
Russ Allbery (r...@debian.org)              <https://www.eyrie.org/~eagle/>
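
An added example, not part of the original message and not apt-listchanges's own code: one way a program that knows why it is invoking a pager could set LESSSECURE for that child process only, leaving its own environment untouched. The helper names `pager_environment` and `run_pager_secure` are hypothetical, and the stand-in pager in the demo is constructed for illustration.

```python
import os
import subprocess

# Hypothetical helpers (names are this example's, not apt-listchanges's).

def pager_environment(base_env=None):
    """Copy the environment and force less's secure mode for the child."""
    env = dict(os.environ if base_env is None else base_env)
    # With LESSSECURE=1, less refuses !command, the v editor command,
    # pipes and log files, which closes the last hop of the chain above.
    env["LESSSECURE"] = "1"
    return env

def run_pager_secure(text, pager_argv=("sensible-pager",), base_env=None,
                     capture=False):
    """Feed text to the pager with LESSSECURE=1 set only in the child."""
    return subprocess.run(
        list(pager_argv),
        input=text.encode(),
        env=pager_environment(base_env),  # overrides any inherited value
        stdout=subprocess.PIPE if capture else None,
        check=False,
    )

if __name__ == "__main__":
    # Constructed stand-in for a pager: drains stdin, reports what it inherited.
    fake_pager = ["/bin/sh", "-c", 'cat >/dev/null; printf %s "$LESSSECURE"']
    result = run_pager_secure("constructed changelog text\n", fake_pager,
                              capture=True)
    print("child saw LESSSECURE =", result.stdout.decode())
```

The variable only has an effect when the pager that ends up running is less.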
