Hi Thijs,

I'm sorry to resurrect this from the dead. I came across this bug looking for something completely different...

On Fri, 15 Dec 2006 14:05:00 +0100 (CET) "Thijs Kinkhorst" <th...@debian.org> wrote:
> I've seen the discussion in this bug, and I wonder whether it makes sense
> to actually go the way to drop these privileges. A user running apt-get
> update or apt-get upgrade is already performing many HTTP requests and
> downloading numerous files from relatively untrusted sources (they are
> verified after downloading), as root.
>
> Would it make sense to change msttcorefonts for this while an admin will
> already be doing this with APT?

APT uses its own much smaller special-purpose HTTP implementation. It also spawns a sub-process just for the HTTP method, which I think used to run as an unprivileged user. On a jessie system the latter doesn't currently happen any more, but that would be a bug in APT.

As for msttcorefonts, a straightforward approach would be to have wget output to stdout and avoid file system access by wget altogether:

# su - wgetuser -c "wget -O - $url/$file" > ./$file

I haven't tested it, but this should run wget as wgetuser yet write to ./$file as root, while the destination path is controlled by the shell, not wget.

Cheers,

Rene
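
The approach from the message above, combined with the verify-after-download step mentioned in the quoted text, as an added example (not part of the original mail or of msttcorefonts). The account name `wgetuser` comes from the mail; the function names, the `FETCH` variable, the return codes and the use of a SHA-256 digest known in advance are assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumed: an unprivileged account
# named "wgetuser", sha256sum on PATH, and a digest known before the download.

# Runs wget as wgetuser with the body on stdout; wget never names a local file.
fetch_as_wgetuser() {
    su -s /bin/sh -c "wget -q -O - -- '$1'" wgetuser
}

# Command that writes the download to stdout; replaceable for offline testing.
FETCH=${FETCH:-fetch_as_wgetuser}

# fetch_verified URL DEST SHA256
# Returns 0 installed, 2 rejected URL, 3 fetch failed, 4 digest mismatch.
fetch_verified() {
    url=$1; dest=$2; want=$3
    case $url in
        http://*|https://*) ;;
        *) return 2 ;;
    esac
    # The URL is pasted into a command string for the inner shell, so allow
    # only characters that cannot end the quoting or start an expansion.
    case $url in
        *[!A-Za-z0-9._~:/%+=-]*) return 2 ;;
    esac
    # The privileged caller creates the temp file next to DEST; the fetcher
    # only inherits an open descriptor and never chooses a path.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    if ! "$FETCH" "$url" > "$tmp"; then
        rm -f "$tmp"
        return 3
    fi
    # Verify before the file becomes visible under its final name.
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        rm -f "$tmp"
        return 4
    fi
    chmod 0644 "$tmp" && mv -f "$tmp" "$dest"
}
```

The rename happens only after the digest matches, so a failed or tampered download never appears at the destination path.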
