Bug#248122: Please run wget as user nobody
Hi Thijs,

I'm sorry to resurrect this from the dead. I came across this bug looking for something completely different...

On Fri, 15 Dec 2006 14:05:00 +0100 (CET) "Thijs Kinkhorst" wrote:
> I've seen the discussion in this bug, and I wonder whether it makes sense to actually go the way to drop these privileges. A user running apt-get update or apt-get upgrade is already performing many HTTP requests and downloading numerous files from relatively untrusted sources (they are verified after downloading), as root. Would it make sense to change msttcorefonts for this while an admin will already be doing this with APT?

APT uses its own much smaller special-purpose HTTP implementation. It also spawns a sub-process just for the HTTP method which I think used to run as an unprivileged user. On a jessie system the latter doesn't currently happen any more but that would be a bug in APT.

As for msttcorefonts, a straightforward approach would be to have wget output to stdout and avoid file system access by wget altogether:

    # su - wgetuser -c "wget -O - $url/$file" > ./$file

I haven't tested it but this should run wget as wgetuser yet write to ./$file as root while the destination path is controlled by the shell not wget.

Cheers,
Rene
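The approach in the message above, as an added example that is not part of the thread or of the msttcorefonts package: the downloader runs unprivileged and writes only to stdout, while the calling shell owns the destination file. It goes one step beyond the quoted command by checking a SHA-256 digest before the file is moved into place, in the spirit of APT's verify-after-download. The function name, the `DROP`/`FETCH` variables and the use of `runuser -u nobody --` in place of `su - wgetuser -c` are assumptions.

```shell
#!/bin/sh
# Added example, not code from the bug thread or the package.
# Assumptions: DROP is the privilege-dropping prefix (runuser from
# util-linux here, instead of the su call quoted in the thread) and
# FETCH is a downloader that writes the body to stdout.
DROP=${DROP:-"runuser -u nobody --"}
FETCH=${FETCH:-"wget -q -O -"}

# fetch_verified URL DEST SHA256
# Returns 0 on success, 1 if no temp file could be created,
# 2 if the download failed, 3 if the digest did not match.
fetch_verified() {
    url=$1 dest=$2 want=$3

    # The temp file is created by this (privileged) shell, next to DEST.
    tmp=$(mktemp "${dest}.part.XXXXXX") || return 1

    # The redirection is opened by this shell before the downloader
    # starts, so the unprivileged process never picks a path on disk.
    if ! $DROP $FETCH "$url" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Verify before anything else reads the data.
    got=$(sha256sum < "$tmp" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        rm -f "$tmp"
        return 3
    fi

    # Replace DEST only with verified content.
    mv -f "$tmp" "$dest"
}
```

Called as root, for instance `fetch_verified "$url/$file" "./$file" "$expected_sha256"`, where `$expected_sha256` is a digest shipped with the installer script rather than fetched from the same server.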
Bug#248122: Please run wget as user nobody
Hi,

> Unless I've missed it, there's no privilege dropping, and I'd like wget to run as a normal user (specifically: nobody). This should be easily implemented, as the script is just writing to /tmp/.

I've seen the discussion in this bug, and I wonder whether it makes sense to actually go the way to drop these privileges. A user running apt-get update or apt-get upgrade is already performing many HTTP requests and downloading numerous files from relatively untrusted sources (they are verified after downloading), as root. Would it make sense to change msttcorefonts for this while an admin will already be doing this with APT?

Thijs
Bug#248122: Please run wget as user nobody
Hi Justin,

> Can I expect to see this bug fixed for etch? http://bugs.debian.org/248122

No, I'm sorry it's too late for that in the release cycle now. I've only just taken over the package and I'll make any non-trivial fixes only after etch's release.

Thijs
Bug#248122: Please run wget as user nobody
Can I expect to see this bug fixed for etch? http://bugs.debian.org/248122

Justin