On Fri, May 04, 2012 at 07:25:01AM -0000, zub wrote:
> I have http_proxy environment variable and I have proxy configured in
> /etc/apt/apt.conf.d. This is what I believe to be the correct setup - no
> MITM via sudo, and update-manager, apt, aptitude, jockey just work.
> Where does the dialog originate from? update-notifier? But is it also
> the source of the text? I'd have guessed it's flashplugin-installer-
> related script trying to download something, and not using apt's proxy,
> and not seeing http_proxy.
The dialog is from update-notifier.
> Could you not just make the flashplugin-installer script (or whatever is
> it that is trying to do the download) pull in /etc/profile? That sounds
> sane to me, I don't see it being a hole for the http_proxy hijack as
> sudo would be. Sounds safer to me than just passing http_proxy through
> sudo. Also note that sudo -i does pull /etc/profile in.
It wouldn't be a hole, but I don't know that manually pulling in
/etc/profile is correct. Anyway, we are never execing a shell here; parsing
/etc/profile in python would be messy, to say the least.
I think the main issue still affecting people is bug #982684, which I'm
working on.
On Fri, May 04, 2012 at 07:25:01AM -0000, zub wrote: apt.conf. d. This is what I believe to be the correct setup - no
> I have http_proxy environment variable and I have proxy configured in
> /etc/apt/
> MITM via sudo, and update-manager, apt, aptitude, jockey just work.
See bug #982684.
> Where does the dialog originate from? update-notifier? But is it also installer-
> the source of the text? I'd have guessed it's flashplugin-
> related script trying to download something, and not using apt's proxy,
> and not seeing http_proxy.
The dialog is from update-notifier.
> Could you not just make the flashplugin- installer script (or whatever is
> it that is trying to do the download) pull in /etc/profile? That sounds
> sane to me, I don't see it being a hole for the http_proxy hijack as
> sudo would be. Sounds safer to me than just passing http_proxy through
> sudo. Also note that sudo -i does pull /etc/profile in.
It wouldn't be a hole, but I don't know that manually pulling in
/etc/profile is correct. Anyway, we are never execing a shell here; parsing
/etc/profile in python would be messy, to say the least.
I think the main issue still affecting people is bug #982684, which I'm
working on.