[pacman-dev] Adding privilege levitation to pacman

Levente Polyak anthraxx at archlinux.org
Tue Jan 5 02:14:49 UTC 2021


On January 5, 2021 1:43:32 AM GMT+01:00, Allan McRae via pacman-dev <pacman-dev at lists.archlinux.org> wrote:
>So...   I am super-anti polkit in any form for terminal based programs.
> I would be happy to use polkit in any graphical frontend, but we don't
>have one in the pacman code base!
>
>
>Let's break the problem down a bit:
>
>The areas we need root:
>a) package installation
>
>The areas we should run as a dedicated user:
>b) database download
>c) package download
>d) gpg verification (for keyring ownership)
>
>Am I missing anything?
>
>
>The rest can be run as a user.
>
>Currently, both the areas needing to run as root and those that could be a
>dedicated user are well detected, so any operation requiring these at
>any stage checks for root privileges.  Any operation not requiring root
>privileges at any stage can be run as a user.  The problem is when there
>are combined operations!
>
>A "quick fix" would be to boot operations b-d to separate helper
>binaries, with the pacman binary offloading as necessary.  That removes
>most of our attack space.
>
>For a more complete pacman fix, note that all root (or dedicated user)
>needed operations happen first in any transaction - e.g. -Syi does the
>"y" first, so pacman could just drop root privileges as soon as those
>are done.


So far so good, but I think it's a bit more complicated 
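The "drop root privileges as soon as those are done" step from the quoted mail is easy to get subtly wrong: a `seteuid()` drop leaves the saved uid at root and can be undone with another `seteuid(0)`, and supplementary groups stay in place unless cleared while still root. The following C routine is an added example written for this thread, not code from pacman; it performs an irreversible drop in the right order and then verifies that root cannot be regained. The service account name passed to `drop_to_user()` is an assumption of the example, not something pacman defines.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to the given uid/gid. Returns 0 on success, -1 on
 * failure with errno set. Order matters: supplementary groups and the
 * primary gid must be changed while still root, because after the uid
 * change those calls are no longer permitted. setres[ug]id() sets the
 * real, effective and saved ids together, so no saved root id is left
 * that a later seteuid(0) could switch back to. */
static int drop_privileges(uid_t uid, gid_t gid)
{
    /* Only root can clear supplementary groups; an unprivileged process
     * has nothing privileged to clear. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setresgid(gid, gid, gid) != 0)
        return -1;
    if (setresuid(uid, uid, uid) != 0)
        return -1;

    /* Verify the drop took effect on all three ids of each kind. */
    uid_t ruid, euid, suid;
    gid_t rgid, egid, sgid;
    if (getresuid(&ruid, &euid, &suid) != 0 ||
        getresgid(&rgid, &egid, &sgid) != 0)
        return -1;
    if (ruid != uid || euid != uid || suid != uid ||
        rgid != gid || egid != gid || sgid != gid) {
        errno = EACCES;
        return -1;
    }
    /* Verify the drop is irreversible: regaining root must fail. */
    if (uid != 0 && setuid(0) != -1) {
        errno = EACCES; /* root was regained, the drop did not stick */
        return -1;
    }
    return 0;
}

/* Resolve a dedicated service account (the kind of user that would own
 * downloads and the keyring in the proposal above) and drop to it. */
static int drop_to_user(const char *name)
{
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) {
        errno = ENOENT;
        return -1;
    }
    return drop_privileges(pw->pw_uid, pw->pw_gid);
}

int main(int argc, char **argv)
{
    /* Stage 1 (privileged work such as database/package download or
     * installation) would run here, before the drop. */
    int rc;
    if (argc > 1) {
        rc = drop_to_user(argv[1]);          /* named account, e.g. "nobody" */
    } else if (geteuid() == 0) {
        rc = drop_to_user("nobody");         /* assumed to exist on the host */
    } else {
        rc = drop_privileges(getuid(), getgid()); /* already unprivileged */
    }
    if (rc != 0) {
        perror("drop_privileges");
        return EXIT_FAILURE;
    }
    /* Stage 2: everything from here on runs without root. */
    printf("now running as uid=%u gid=%u\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return EXIT_SUCCESS;
}
```

Run it as root with a service account name (`./drop nobody`) to see the drop happen, or as an ordinary user to see that the verification passes trivially. The `setuid(0)` probe at the end is the check that distinguishes a real drop from a reversible `seteuid()` one; a function that skips it can report success while root is still one call away.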


More information about the pacman-dev mailing list