[Aptitude-devel] Bug#750159: aptitude: Manage real and effective user ID for security
Daniel Hartwig
mandyke at gmail.com
Mon Jun 2 07:49:56 UTC 2014
Package: aptitude
Version: 0.6.10-1
Severity: important
Tags: confirmed
Aptitude is often invoked using su or sudo for privileges to manage
packages. These are not required when calling some other utilities,
such as the pager (as in 'aptitude changelog') or reportbug, or creating
and accessing user (rather than root) files.
Common practice to drop these privileges is to swap the real and
effective user ID.
More information about the Aptitude-devel
mailing list