I can try to do a proof of concept for this one. I believe the shell process that runs the apt-get software should be the ONLY ONE that runs under root privileges. The UI shouldn't, as there are multiple security issues with Gtk+ programs.
Using a pipe you can very easily achieve that. You could also create a very simple helper application that sends back information like the progression information and/or the output of the terminal. This is the proof that the complete tool is being run as root:
root 7221 1.2 6.7 99940 70132 ? Ssl 10:36 0:07 /usr/bin/python /usr/bin/update-manager
Ubuntu is very lucky it doesn't have people like me trying to write malware. I could probably create a tool that would gain root privileges in 50 minutes. This is total insanity and extremely insecure.
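
The split proposed in the comment above, sketched as an added example (not code from the original report or from update-manager): an unprivileged front-end talks over a pipe to a small helper, which is the only part meant to run as root and which accepts only named actions. The action names, the JSON line protocol, the `--helper` flag and the stand-in commands are assumptions made so the sketch runs without root.

```python
import json
import subprocess
import sys

# Fixed allowlist: the front-end names an action and never supplies a command
# line. The argv values are stand-ins (assumption) so this runs without root;
# a real helper would map each action to its apt-get invocation.
ACTIONS = {
    "refresh": [sys.executable, "-c", "print('Reading package lists')"],
    "upgrade": [sys.executable, "-c", "print('Unpacking'); print('Setting up')"],
}


def send(out, **event):
    out.write(json.dumps(event) + "\n")
    out.flush()


def helper_main(inp, out):
    """Privileged side: one JSON request per line in, JSON events out."""
    for line in inp:
        try:
            argv = ACTIONS[json.loads(line)["action"]]
        except (ValueError, KeyError, TypeError):
            send(out, event="rejected")  # unknown action or malformed request
            continue
        proc = subprocess.Popen(argv, stdout=subprocess.PIPE, text=True)
        for text in proc.stdout:  # stream progress back as it is produced
            send(out, event="output", text=text.rstrip("\n"))
        send(out, event="done", rc=proc.wait())


def run_action(action, launcher=()):
    """Unprivileged side (the UI). `launcher` is where an elevation wrapper
    such as ("pkexec",) would go in a deployment (assumption)."""
    cmd = [*launcher, sys.executable, __file__, "--helper"]
    helper = subprocess.Popen(cmd, stdin=subprocess.PIPE,
                              stdout=subprocess.PIPE, text=True)
    out, _ = helper.communicate(json.dumps({"action": action}) + "\n")
    return [json.loads(l) for l in out.splitlines()]


if __name__ == "__main__":
    if "--helper" in sys.argv:
        helper_main(sys.stdin, sys.stdout)
    else:
        for ev in run_action("upgrade"):
            print(ev)
```

Because the helper resolves actions from its own table, a compromised or buggy UI process can at most trigger the listed operations; it cannot hand the root side an arbitrary command.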