Bug#579028: pbuilder: installs untrusted packages without asking
Ansgar Burchardt
ansgar at 43-1.org
Sat Jul 3 15:11:13 UTC 2010
Hi,
Junichi Uekawa <dancer at netfort.gr.jp> writes:
> severity 579028 wishlist
I don't agree with this as this bug allows arbitrary code execution as
root (see below).
> Mehdi Dogguy wrote:
>> Can you please explain how this will break "all existing configurations"?
>> Does it mean that all people are using untrusted repositories when using
>> pbuilder?
Yes, it does. If you intercept and manipulate both the request for
archive metadata (Release, Packages) and later a request for a *.deb you
should be able to execute arbitrary code on the victim's host (with root
privileges). Of course you have to know which package the victim will
install and have to prepare a malicious .deb before.
Regarding local repositories: These work fine if you sign them with a
local key and make this key known to APT. When using reprepro, this
requires only generating a key, adding SignWith: [key-id] to the
configuration and calling apt-key to make the key known to APT.
Regards,
Ansgar
More information about the Pbuilder-maint
mailing list