Bug 469963
| Summary: | usability: don't ask for permission to copy something to temp | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Máirín Duffy <duffy> | ||||
| Component: | PackageKit | Assignee: | Richard Hughes <richard> | ||||
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 10 | CC: | lmacken, rhughes, richard, robin.norwood, tuxbrewr | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2008-12-08 13:08:01 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Well, this bug is sort-of fixed upstream:
commit 838241d093a7be7600d05d35d02b6e6050904b28
Author: Richard Hughes <richard>
Date: Fri Oct 31 17:25:56 2008 +0000
bugfix: fix the interaction when installing local files by only showing the copy dialog for non-native paths.
This makes any user installing things from $HOME not get that horrible copy dialog, rather just the users installing files from $HOME/.gvfs or other FUSE mounts. We have to show a UI for FUSE mounts, as even root can't read the file mounted by FUSE.
You are correct in saying this is a security warning, so I'm not sure this is a good idea to have a "don't show me again". Maybe I'm being paranoid. I guess a GConf key can't hurt, it's the default we need to argue on. :-)
commit 8a0937db1541fe6fbc5469ca9b1c54c2fc564048
Author: Richard Hughes <richard>
Date: Wed Nov 5 08:56:15 2008 +0000
bugfix: add a GConf key /apps/gnome-packagekit/show_copy_confirm to allow
distributions to choose whether to show the copy from FUSE dialog. Also show
a copy progress bar with an aync handler. Affects rh#469963
Also, we're not using /tmp anymore, we're using $HOME/.PackageKit/cache as /tmp as Colin pointed out /tmp might not be secure if the file is not opened exclusively.
Hi Richard! I like how it's being handled upstream as you described it. I think that's a big improvement. I'm not sure how copying the package is a security issue if it's being copied from a FUSE mount to a directory inside your home directory? (I understand with /tmp as that's viewable to all users) Right, I agree with you that it's no longer a just-to-be-safe security thing. Maybe we can nuke the question completely. PackageKit-0.3.10-1.fc10,gnome-packagekit-0.3.10-1.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/PackageKit-0.3.10-1.fc10,gnome-packagekit-0.3.10-1.fc10 PackageKit-0.3.10-1.fc10, gnome-packagekit-0.3.10-1.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update PackageKit gnome-packagekit'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/f10/FEDORA-2008-10000 This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle. Changing version to '10'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping kpackagekit-0.3.1-6.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update kpackagekit'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10175 PackageKit-0.3.11-2.fc10,gnome-packagekit-0.3.11-2.fc10,kpackagekit-0.3.1-7.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/PackageKit-0.3.11-2.fc10,gnome-packagekit-0.3.11-2.fc10,kpackagekit-0.3.1-7.fc10 kpackagekit-0.3.1-7.fc10, PackageKit-0.3.11-3.fc10, gnome-packagekit-0.3.11-3.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update kpackagekit PackageKit gnome-packagekit'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10610 PackageKit-0.3.11-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/PackageKit-0.3.11-4.fc10 PackageKit-0.3.11-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. kpackagekit-0.3.1-7.fc10, PackageKit-0.3.11-3.fc10, gnome-packagekit-0.3.11-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 322493 [details] screenshot of tmp copy dialog Description of problem: (see attached screenshot) When you install a package from a private directory such as your home directory, package kit asks you if it's okay to copy the package to a temporary location in order to install it. Why do I need to give package kit permission to copy to /tmp when I already told Package Kit I'd like this package installed? I'd like Package Kit to get on with its business of installing the package without informing and prompting me in this level of detail about the operations it needs to complete to get its job done. In context of this particular package installation, I had to click an OK button on five separate dialog windows before I could install this one package. (this warning dialog, root password dialog, unsigned package warning dialog, etc. etc. etc.) I could see if a package post script had some kind of password embedded in it or if the RPM had some other type of sensitive material in it. This seems a very rare edge case handled in a way that would affect far more users than it would help, though. If this dialog must be kept, though, I would suggest: 1) Putting some information in the dialog to let me know why I would even care. For example, "Risk: If there is sensitive information (such as passwords) in this RPM, it will be made available to any users of this system with access /tmp" (obviously needs better wording) 2) Allowing me to tell PackageKit I don't want to see this dialog again. E.g. a check box that says, "I don't install RPMs with sensitive information in them. Please don't display this warning dialog again." 3) Some sort of Gconf preference to enable/disable this warning, and I would suggest for home users this be disabled by default but it be suggested to be enabled by default for enterprise users in some sort of sysadmin desktop security guide. (I don't know if one exists but it sounds like a good idea) 4) Copy it to /tmp then immediately delete it when you're done with it. Version-Release number of selected component (if applicable): PackageKit-0.3.9-3.fc10.x86_64 How reproducible: Very. Steps to Reproduce: 1. Download an RPM and save it to your home directory. 2. Double click the RPM in nautilus and an install package? dialog should pop up, click to install the package 3. Package kit will pop up the dialog in the attached screenshot