Public bug reported: aptdaemon runs as the session user. It needs to spawn debconf- communicate to interact with the user when packages have debconf questions; which often needs to be done as root (or otherwise have sufficient privileges) since packages may want to prompt for passwords, which use a different, more secure debconf database than the main config one.
aptdaemon probably should be spawning debconf-communicate as root, at the cost of prompting the user for a password when debconf access is necessary. This became readily apparent with https://bugs.launchpad.net/ubuntu/+source/shim-signed/+bug/1599051; updating to a new shim which requires inputting a Secure Boot password to disable shim validation would consistently fail due to being unable to access password.dat (you would see errors on the command line when update-manager is started in a terminal) ** Affects: aptdaemon (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1599981 Title: aptdaemon debconf-communicate should be running as root To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1599981/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
