On Thu, Oct 4, 2018 at 1:19 AM Lars Wirzenius wrote: > The problem: when a .deb package is installed, upgraded, or removed, > the maintainer scripts are run as root and can thus do anything.
anarcat wrote this related wiki page that covers this general topic: https://wiki.debian.org/UntrustedDebs The maintainer scripts are just the first problem that comes up when installing untrusted packages. There are myriad ways a package could install files that allow it to get root. setuid binaries, cron jobs, systemd units, apt keyring information, sudoers files and so on. The amount of stuff that can lead to root completely depends on the packages one already has installed. Then there are myriad other things that don't allow root that untrusted applications should not get hold of (like your private diary, some keys or passwords etc). To fully solve the problem you need a whitelist based approach that ends up something completely different like Flatpak. It might become possible to convert .debs to Flatpak using something like the ArchLinux approach for this and a future version of mmdebstrap that might allow installing sub-essential. https://wiki.archlinux.org/index.php/Flatpak#Creating_apps_with_pacman -- bye, pabs https://wiki.debian.org/PaulWise
