Bug#659419: pbuilder: security in pbuilder
Christoph Anton Mitterer
calestyo at scientia.net
Fri Feb 10 23:27:54 UTC 2012
Package: pbuilder
Version: 0.206
Severity: important
Hi.
Marking this as important, as it might be secrutiy relevant:
Installing potentially unverified packages is basically like posting your
root password on the internet and removing the last character.
Reading through pbuilderrc(5) I found these:
1) > PBUILDERSATISFYDEPENDSOPT=('--check-key')
> Array of flags to give to pbuilder-satisfydepends. Specifying
> --check-key here will try to verify key signatures.
What does try mean here? Can't this be changed to just fail if verification
doesn't work?
2) > APTGETOPT=('--force-yes')
> Extra flags to give to apt-get. Default is --force-yes, which
> will skip key verification of packages to be installed. Unset if
> you want to enable key verification.
If this disables key verification it should be disabled per default.
Cheers,
Chris.
btw: Some time ago, I've already reported a bug about the insecure usage
of debootstrap.
You've then added the --keyring option as default.
It seems that debbootstrap changed to do this per default itself (have a look).
So when you depend on the recent enough version, you could drop this again.
More information about the Pbuilder-maint
mailing list