Don't allow the desktop user to pass arguments to tails-upgrade-frontend
In /etc/sudoers.d/zzz_upgrade
, we allow the desktop user to run
tails-upgrade-frontend as the tails-upgrade-frontend user, with any
arguments. Some of the available options might be dangerous. I’ve looked
at it quickly and didn’t find anything scary, but still, we should lock
this down, and apply something like:
--- a/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
+++ b/config/chroot_local-includes/etc/sudoers.d/zzz_upgrade
@@ -1,6 +1,6 @@
Cmnd_Alias INSTALL_IUK = /bin/chmod, /bin/cp, /bin/mkdir, /bin/mktemp, /bin/mount, /bin/rm, /bin/tar
Cmnd_Alias IUK_GET_TARGET_FILE = /usr/bin/tails-iuk-get-target-file
-Cmnd_Alias UPGRADE_FRONTEND = /usr/bin/tails-upgrade-frontend
+Cmnd_Alias UPGRADE_FRONTEND = /usr/bin/tails-upgrade-frontend ""
Defaults!IUK_GET_TARGET_FILE env_keep+="HARNESS_ACTIVE DISABLE_PROXY"
Defaults!UPGRADE_FRONTEND env_keep+="DISABLE_PROXY SSL_NO_VERIFY"
Note that the manual test suite doc must be updated, to instruct testers to revert this change, as in this context they do need to pass arguments to t-p-s.
Feature Branch: bugfix/7345-upgrade-from-iso-from-1.0-to-1.1
Related issues
- Related to #7345 (closed)
Original created by @intrigeri on 7410 (Redmine)