The Ubuntu community has contributed 13963 ideas, 66846 comments, 1291785 votes
Idea
#10148: Being able to check for updates without password
|
| |
78
|
|
|
Written by Eldmannen the 21 Jun 08 at 20:18.
Category: System.
Related to:
Nothing/Others.
Status: New
|
|
|
Description
I think that it should be possible to connect to the repository and check if there are any updates available without having to enter a password.
The password should only be needed for installing the updates, not for checking for updates.
Attachments
 Bug #241980 : Being able to check for updates without password
|
|
Duplicates
Comments
|
fazillatheef wrote on the 22 Jun 08 at 08:19
| |
I think thats not easy because when you do update many files that require root privilage are edited... if the privilage is given to a normal user that going to be hole in the operating system...
|
|
deeesseee wrote on the 22 Jun 08 at 08:46
|
@fazillatheef: All the Op is suggesting is to allow the download of these files without privileges, not any execution or installation.
This is kind of already possible if you select the "Download all updates in the background" option on the Updates tab within the Software Sources options. Yet I guess for that you have to wait for the automatic "check for updates" as well, so this option is almost no better.
In other words: +1
|
|
drinkypoo wrote on the 22 Jun 08 at 13:09
|
1. Create a group 'apt'
2. add to /etc/sudoers:
Cmnd_Alias APTUPDATE = /usr/bin/apt-get update
%apt ALL=NOPASSWD: APTUPDATE
3. Add yourself to group 'apt'
4. run 'sudo apt-get update'
By specifying the allowable options on the commandline you eliminate a lot of potential abuse of sudo with nopassword. You could change the ALL to a hostname or other host spec if you use sudo in a way that the ALL could be abused. This won't let you modify sources (you can give the user write access to /etc/apt/sources.list.d for that) but it will let you retrieve new lists.
|
|
bgfeldm wrote on the 1 Jul 08 at 16:01
|
If a malicious user (locally or remote) performs a update check they could potentially find what software vulnerability exist by what is needing to be updated, especially if a update is a security update.
Would be better to prompt for the password for the update check then have the sudo password expire soon after the check or the application is closed.
|
|
andruk wrote on the 6 Jul 08 at 22:21
| |
Agreed with bgfeldm, this could pose a security risk.
|
|
Stebalien wrote on the 26 Aug 08 at 20:31
| |
@bgfeldm: An attacker could just as easily run 'dpkg -l' and compare that version list against the one freely available on the Ubuntu website. In spite of this, I still believe that a normal user should not be able to check for updates without entering his or her password.
|
Post your comment
|
|
|
