Bug 469963 - usability: don't ask for permission to copy something to temp
usability: don't ask for permission to copy something to temp
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: PackageKit (Show other bugs)
10
All Linux
medium Severity medium
: ---
: ---
Assigned To: Richard Hughes
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-04 17:15 EST by Máirín Duffy
Modified: 2008-12-08 08:08 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-12-08 08:08:01 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
screenshot of tmp copy dialog (73.31 KB, image/png)
2008-11-04 17:15 EST, Máirín Duffy
no flags Details

  None (edit)
Description Máirín Duffy 2008-11-04 17:15:50 EST
Created attachment 322493 [details]
screenshot of tmp copy dialog

Description of problem:

(see attached screenshot)

When you install a package from a private directory such as your home directory, package kit asks you if it's okay to copy the package to a temporary location in order to install it.

Why do I need to give package kit permission to copy to /tmp when I already told Package Kit I'd like this package installed? I'd like Package Kit to get on with its business of installing the package without informing and prompting me in this level of detail about the operations it needs to complete to get its job done. In context of this particular package installation, I had to click an OK button on five separate dialog windows before I could install this one package. (this warning dialog, root password dialog, unsigned package warning dialog, etc. etc. etc.)

I could see if a package post script had some kind of password embedded in it or if the RPM had some other type of sensitive material in it. This seems a very rare edge case handled in a way that would affect far more users than it would help, though. 

If this dialog must be kept, though, I would suggest:

1) Putting some information in the dialog to let me know why I would even care. For example, "Risk: If there is sensitive information (such as passwords) in this RPM, it will be made available to any users of this system with access /tmp" (obviously needs better wording)

2) Allowing me to tell PackageKit I don't want to see this dialog again. E.g. a check box that says, "I don't install RPMs with sensitive information in them. Please don't display this warning dialog again."

3) Some sort of Gconf preference to enable/disable this warning, and I would suggest for home users this be disabled by default but it be suggested to be enabled by default for enterprise users in some sort of sysadmin desktop security guide. (I don't know if one exists but it sounds like a good idea)

4) Copy it to /tmp then immediately delete it when you're done with it.

Version-Release number of selected component (if applicable):
PackageKit-0.3.9-3.fc10.x86_64

How reproducible:

Very.

Steps to Reproduce:
1. Download an RPM and save it to your home directory.
2. Double click the RPM in nautilus and an install package? dialog should pop up, click to install the package
3. Package kit will pop up the dialog in the attached screenshot
Comment 1 Richard Hughes 2008-11-05 03:58:53 EST
Well, this bug is sort-of fixed upstream:

commit 838241d093a7be7600d05d35d02b6e6050904b28
Author: Richard Hughes <richard@hughsie.com>
Date:   Fri Oct 31 17:25:56 2008 +0000

    bugfix: fix the interaction when installing local files by only showing the copy dialog for non-native paths.

This makes any user installing things from $HOME not get that horrible copy dialog, rather just the users installing files from $HOME/.gvfs or other FUSE mounts. We have to show a UI for FUSE mounts, as even root can't read the file mounted by FUSE.

You are correct in saying this is a security warning, so I'm not sure this is a good idea to have a "don't show me again". Maybe I'm being paranoid. I guess a GConf key can't hurt, it's the default we need to argue on. :-)

commit 8a0937db1541fe6fbc5469ca9b1c54c2fc564048
Author: Richard Hughes <richard@hughsie.com>
Date:   Wed Nov 5 08:56:15 2008 +0000

    bugfix: add a GConf key /apps/gnome-packagekit/show_copy_confirm to allow
    distributions to choose whether to show the copy from FUSE dialog. Also show
    a copy progress bar with an aync handler. Affects rh#469963

Also, we're not using /tmp anymore, we're using $HOME/.PackageKit/cache as /tmp as Colin pointed out /tmp might not be secure if the file is not opened exclusively.
Comment 2 Máirín Duffy 2008-11-05 12:30:07 EST
Hi Richard!

I like how it's being handled upstream as you described it. I think that's a big improvement. 

I'm not sure how copying the package is a security issue if it's being copied from a FUSE mount to a directory inside your home directory? (I understand with /tmp as that's viewable to all users)
Comment 3 Richard Hughes 2008-11-05 12:49:01 EST
Right, I agree with you that it's no longer a just-to-be-safe security thing. Maybe we can nuke the question completely.
Comment 4 Fedora Update System 2008-11-18 04:43:04 EST
PackageKit-0.3.10-1.fc10,gnome-packagekit-0.3.10-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/PackageKit-0.3.10-1.fc10,gnome-packagekit-0.3.10-1.fc10
Comment 5 Fedora Update System 2008-11-22 11:57:46 EST
PackageKit-0.3.10-1.fc10, gnome-packagekit-0.3.10-1.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update PackageKit gnome-packagekit'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/f10/FEDORA-2008-10000
Comment 6 Bug Zapper 2008-11-25 23:47:03 EST
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 7 Fedora Update System 2008-11-26 21:11:32 EST
kpackagekit-0.3.1-6.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update kpackagekit'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10175
Comment 8 Fedora Update System 2008-11-28 06:59:26 EST
PackageKit-0.3.11-2.fc10,gnome-packagekit-0.3.11-2.fc10,kpackagekit-0.3.1-7.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/PackageKit-0.3.11-2.fc10,gnome-packagekit-0.3.11-2.fc10,kpackagekit-0.3.1-7.fc10
Comment 9 Fedora Update System 2008-12-02 20:20:50 EST
kpackagekit-0.3.1-7.fc10, PackageKit-0.3.11-3.fc10, gnome-packagekit-0.3.11-3.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update kpackagekit PackageKit gnome-packagekit'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-10610
Comment 10 Fedora Update System 2008-12-07 13:03:02 EST
PackageKit-0.3.11-4.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/PackageKit-0.3.11-4.fc10
Comment 11 Fedora Update System 2008-12-08 08:07:45 EST
PackageKit-0.3.11-4.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Fedora Update System 2008-12-08 08:08:16 EST
kpackagekit-0.3.1-7.fc10, PackageKit-0.3.11-3.fc10, gnome-packagekit-0.3.11-3.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.