[Aptitude-devel] Bug#750159: aptitude: Manage real and effective user ID for security

Daniel Hartwig mandyke at gmail.com
Mon Jun 2 07:49:56 UTC 2014

Package: aptitude
Version: 0.6.10-1
Severity: important
Tags: confirmed

Aptitude is often invoked using su or sudo for privileges to manage
packages.  These are not required when calling some other utilities,
such as the pager (as in 'aptitude changelog') or reportbug, or creating
and accessing user (rather than root) files.

Common practice to drop these privileges is to swap the real and
effective user ID.

More information about the Aptitude-devel mailing list