[xen-tools-discuss] Security concerns with calling "apt-get --force-yes"
Axel Beckert
abe at deuxchevaux.org
Wed Jan 28 14:31:51 CET 2015
Hi,

On Wed, Jan 28, 2015 at 11:57:43AM +0100, Sebastian Pipping wrote:
> If I am not mistaken, --force-yes makes apt-get ignore GPG verification
> errors which may lead to installation of malicious Debian packages in a
> man-in-the-middle scenario.

It's currently not clear to me if it would indeed do this.

> "man apt-get" says about "--force-yes":
>
>     --force-yes
>         Force yes; this is a dangerous option that will cause apt to
>         continue without prompting if it is doing something potentially
>         harmful. It should not be used except in very special situations.
>         Using force-yes can potentially destroy your system!

This sounds rather appropriate here. The process should either abort
or succeed, but never ask questions.

At least the case you mentioned would surely abort without
--assume-yes:

    -y, --yes, --assume-yes
        Automatic yes to prompts; assume "yes" as answer to all
        prompts and run non-interactively. If an undesirable
        situation, such as changing a held package, trying to
        install a unauthenticated package or removing an essential
        package occurs then apt-get will abort. Configuration Item:
        APT::Get::Assume-Yes.

Held packages shouldn't happen upon an installation from scratch, and
aborting upon unauthenticated packages is surely desirable. (Maybe
with some override functionality.)

> My current suggestion would be to remove the --force-yes parameter.

If this indeed causes unauthenticated packages to be installed, this
is probably the correct fix. Otherwise I'm rather reluctant to remove
that option.

I'll check. Thanks for the report!

Kind regards, Axel
--
/~\ Plain Text Ribbon Campaign | Axel Beckert
\ / Say No to HTML in E-Mail and News | abe at deuxchevaux.org (Mail)
X See http://www.nonhtmlmail.org/campaign.html | abe at noone.org (Mail+Jabber)
/ \ I love long mails: http://email.is-not-s.ms/ | http://abe.noone.org/ (Web)
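
As an added illustration (not part of the original message and not xen-tools code), the following shell function audits a provisioning script for the apt-get options discussed above, reporting for each call whether it uses --force-yes (or the APT::Get::force-yes configuration item), an --assume-yes variant, or neither. The sample script is constructed, and the names audit_apt_flags and write_sample are hypothetical.

```shell
#!/bin/sh
# Added example (not xen-tools code): classify apt-get calls in a script by
# how they answer prompts, so that every --force-yes use gets reviewed.

# audit_apt_flags FILE   (hypothetical helper name)
# Prints "LINENO: VERDICT" per apt-get call; returns 1 if any uses force-yes.
# Limitation: inspects one physical line at a time (no "\" continuations).
audit_apt_flags() {
    awk '
        /^[ \t]*#/ { next }                               # comment line
        !/(^|[^A-Za-z0-9_-])apt-get([ \t]|$)/ { next }    # not an apt-get call
        # --force-yes on the command line, or its configuration item via -o
        /--force-yes([^A-Za-z0-9-]|$)/ || tolower($0) ~ /apt::get::force-yes/ {
            print NR ": force-yes"; bad = 1; next
        }
        # -y (also clustered, e.g. -qy), --yes, --assume-yes
        /[ \t](-[A-Za-z]*y[A-Za-z]*|--yes|--assume-yes)([ \t]|$)/ {
            print NR ": assume-yes"; next
        }
        { print NR ": default" }                          # no automatic yes
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample provisioning script, for illustration only.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# apt-get --force-yes mentioned in a comment is ignored
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get -y --force-yes install openssh-server
apt-get --assume-yes install sudo
apt-get -o APT::Get::force-yes=true -qy install vim
apt-get install less
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_apt_flags "$sample" || echo "force-yes present: review before running"
rm -f "$sample"
```

The non-zero return status makes the function usable as a gate in a build or review step.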