webapps-applications removes package installation prompt

Bug #1061734 reported by Marc Deslauriers on 2012-10-04
274
This bug affects 5 people
Affects Status Importance Assigned to Milestone
webapps-applications (Ubuntu)
Critical
Unassigned
Quantal
Critical
Unassigned

Bug Description

In bug 1035207, the security team was asked for permission to install webapps scripts without prompting the user for their password. Since this has a high impact on security, permission was granted if the following restrictions were adhered to:

1- Installing without a password is limited to users in the "admin" group.
2- The repository whitelist for aptdaemon is shipped in a separate "webapps"-named package, and not part of the aptdaemon package.
3- Up-to-date documentation for the exact steps required for auditing the security of contributed webapp scripts. This needs to be written by someone familiar with the intricacies of how the scripts are integrated in the browser security model and how the webapps functionality was implemented.
4- An webapp script security scanning tool that can detect basic security flaws, and can be updated with new flaws as they are discovered.
5- A policy in place to systematically audit new webapp scripts and improvements to existing webapp scripts using the documentation and the scanning tool before they are accepted into the repository.
6- Tracking of a "sign-off" procedure to determine when the security auditing of contributed scripts was performed, by who, and with what revision of the auditing documentation and script.

webapps-applications (2.4.7-0ubuntu2) has been uploaded to Quantal, to permit a passwordless installation of webapps script, but I cannot find the location of requirements 3 to 6.

This change needs to be reverted until the proper requirements are put in place.

Changed in webapps-applications (Ubuntu Quantal):
importance: Undecided → Critical

- For point 3: here is the base of a document that is to be used for that, it needs a bit of cleaning up and improvement (based on some feedback I had) but it is a start

https://docs.google.com/a/canonical.com/document/d/1Ny_W8LKfv_jFqh3UiBdvdpSoEdIc2HoEbCSr6C2XxKA/edit

- For point 4: we have a basic script that I will commit (and we can improve upon),

Robert Carr (robertcarr) wrote :

5 and 6 will be addressed through an autolanding scheme.

Movement of webapps from webapps-applications (or other) source tree to packaging branch (prior to upload) will only be allowed via an autolanding daemon which requires a security sign off + an automated run of the script. This will be logged. I'll get this scheme in to place over the 24 hours or so.

Marc Deslauriers (mdeslaur) wrote :

OK, since the requirements are on track to be addressed, the change can be left in Quantal. Thanks!

Changed in webapps-applications (Ubuntu Quantal):
status: New → Confirmed
Changed in webapps-applications (Ubuntu Quantal):
status: Confirmed → Won't Fix
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers