FS#65401 - Separation of privileges and reducing the use of root in pacman
Attached to Project:
Pacman
Opened by Eli Schwartz (eschwartz) - Friday, 07 February 2020, 01:11 GMT
Details
A useful tool for reducing the scope of security bugs would be to do fewer things as root, as suggested in https://lists.archlinux.org/pipermail/pacman-dev/2020-February/024030.html

For example, if the internal downloader and XferCommand were to operate as a separate user e.g. "libalpm", which had write permissions for only /var/cache/pacman/pkg, the following bug would not have been able to write anywhere on the system, and would usually fail with a permission denied error:

https://security.archlinux.org/CVE-2019-9686

The command injections in these bugs could similarly have avoided being able to run command injection *as root*, greatly reducing the scope of the damage they could do:

https://security.archlinux.org/CVE-2019-18182
https://security.archlinux.org/CVE-2019-18183
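The separation proposed in the report above, sketched as an added example (it is not pacman or libalpm code): a privileged parent forks a helper that drops to an unprivileged account before exec'ing the download command, and refuses to run the command at all if the drop fails. The function names and the uid/gid 65534 used as a stand-in for a dedicated "libalpm" account are assumptions.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Permanently switch the calling process to uid/gid. 0 on success, -1 otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0) return -1;             /* switching to root is not a drop */
    if (geteuid() != 0)                  /* unprivileged caller: must already be the target */
        return (getuid() == uid && geteuid() == uid &&
                getgid() == gid && getegid() == gid) ? 0 : -1;
    /* Order matters: supplementary groups, then gid, then uid. Once
     * setuid() has run, the process may no longer change its groups. */
    if (setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0) return -1;
    return 0;
}

/* Run argv[0] in a child that has dropped to uid/gid. Returns the child's exit
 * status, 126 if the drop failed, 127 if exec failed, -1 on fork/wait error. */
int run_unprivileged(uid_t uid, gid_t gid, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(126);                  /* fail closed: never exec with root's identity */
        execv(argv[0], argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* 65534 ("nobody" on many systems) is a constructed stand-in for the
     * "libalpm" account; /usr/bin/id stands in for the download command. */
    char *const cmd[] = {"/usr/bin/id", NULL};
    return run_unprivileged(65534, 65534, cmd);
}
```

With the cache directory owned by that account and nothing else writable to it, a helper that is tricked into choosing its own output path gets a permission error instead of root's write access.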
Comment by TJ (boogiepop) -
Wednesday, 19 February 2020, 02:34 GMT
Definitely need this.