What are the potential vulnerabilities of allowing non-root users to run apt-get?

There are two ways I can think of doing this:

  1. On a system with sudo, by modifying /etc/sudoers.

  2. On a system without sudo (such as a Docker environment), by writing a program similar to the below and setting the setuid bit with chmod u+s. apt-get checks real uid, so a setuid call is necessary.

... int main(int argc, char **argv) {     char *envp[] = { ... };     setuid(0);     execve("/usr/bin/apt-get", argv, envp);     return 1; } 

I have two questions:

  1. What are the potential vulnerabilities of allowing non-root users to run apt-get?
  2. My goal is to allow people to install/remove/update packages, given that apt-get lives in a custom non-system refroot and installs from a custom curated apt repository. Are there safer ways to allow non-root users to run apt-get on a system without sudo?

Kaspersky TS blocking apt-get upgrade and marking files as HEUR:Trojan.Script.Generic

I have just recently downloaded kali linux onto my VM software and i was doing apt-get upgrade in terminal and some files got blocked by my kts and i was wondering whether it was a false positive as what its trying to download is tools for code injections, do i allow the files to download or should i listen to kaspersky?
the 2 links –

“apt-get update”: failed to fetch (Ubuntu 18.04 TLS via Windows 10)

  1. There are many different solutions on the Internet, but they didn’t not help me, or I do not know how to correctly execute them. After reading many of them, I think maybe I should configure internet connection settings.

I disabled all firewalls on my PC AND on my router (I use wifi), also I disabled domain protection, windows defender, and changed my wifi connection to public. Also, I found that I can ping IPs via ubuntu.

I am very new to Ubuntu and I use it via Windows 10, please help me! I think that maybe I have to do something with my proxy and network settings. Many people had the same problem, they set a proxy for apt, and after that their problem was solved. I write code from home and I don’t have any proxies. I hope that you will give me a hint


    sudo apt-get update Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease   Temporary failure resolving 'archive.ubuntu.com' Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease   Temporary failure resolving 'security.ubuntu.com' Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease   Temporary failure resolving 'archive.ubuntu.com' Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease   Temporary failure resolving 'archive.ubuntu.com' Reading package lists... Done W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com' W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com' W: Some index files failed to download. They have been ignored, or old ones used instead. 

Is apt-get secure against DNS Spoofing?

I am aware that installing and updating packages through apt-get should be fairly secure because an attacker supposedly should not be able to interfere or inject packets into the downloads as well as because the packages are signed, with the checksums being verified before(?) the installation.

Consider the case of an attacker performing a man-in-the-middle attack on an apt-get command. If the attacker caused a DNS cache poisoining and redirected the downloads to a server he controls, especially since the downloads are requested using HTTP only, couldn’t the attacker cause the system to download a compromised version of the Release and Packages files, and then push compromised versions of packages to the system? Wouldn’t that then look all correct to apt-get which could then go on to install a compromised package?

Can the attacker not make a mirror of an official repository, compromise some of the packages, say only the firefox or tor packages, modify the Release and Packages file accordingly with the new checksums/hashes then redirect through DNS spoofing the system to download these?

I’m limiting the discussion to downloads from official repositories only.

I cant use apt-get

I get this error when i enter this command: apt-get install apt-transport-https

root@alex:~# sudo apt-get install apt-transport-https Reading package lists... Done Building dependency tree        Reading state information... Done apt-transport-https is already the newest version (1.8.4). You might want to run 'apt --fix-broken install' to correct these. The following packages have unmet dependencies:  python-matplotlib : Depends: python-matplotlib2-data (>= 2.2.3-6) but it is not going to be installed                      Depends: python-kiwisolver but it is not going to be installed  python-pyside.qtcore : Depends: libpyside1.2 (= 1.2.2+source1-3) but it is not installable                         Depends: libshiboken1.2v5 (>= 1.1.0) but it is not installable  python-qgis-common : Depends: libqgis-customwidgets (>= 2.18.28+dfsg-2) but it is not going to be installed E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution). 

I also tried:

apt --fix-broken install apt-get clean 

Cannot install anything? And cannot run ‘sudo apt-get update –fix-missing’ either?

I’ve installed ubuntu 19.04 in my laptop (Asus K501U): enter image description here

And there’s something not working properly. For some reason I cannot drag and drop files from or to my desktop (I need to cut whatever file or folder and manually paste it in the Desktop or out of it), and sometimes I cannot unselect any icon that I’ve selected. I need to press esc key several times and sometimes reboot the computer.

Now the latest issue is that I cannot install anything out of the software center.

I’ve downloaded XnRetro, and as you can see the XnRetro file that should be an executable does not have the proper icon. enter image description here

Anyway, if I click it nothing happens. And if I try to manually set a program to open it, nothing happens.

I’ve tried other options, and in all cases… it does nothing.

enter image description here

What’s going on? What can I do?

Please note that before posting it here, I’ve tried fixing anything that might be broken (even if it’s a fresh install). So, I’ve tried: After trying

sudo apt-get update –fix-missing 

reply: The update command takes no arguments

sudo dpkg –configure -a 

reply: dpkg: error: need an action option

sudo apt-get install -f 

reply: Reading package lists… Done Building dependency tree Reading state information… Done 0 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.

If I click on “check for updates” button, I get this GNOME error: enter image description here

sudo apt-get update not working and ctrl+alt+t not working

I am using ubuntu 18.04
I have installed python 3.6 and 3.7 together and set default 3.7 Now I am facing two problems:

  1. when I am trying to

    sudo apt-get update
    it shows the error

    Traceback (most recent call last):  File "/usr/lib/cnf-update-db", line 8, in <module> from CommandNotFound.db.creator import DbCreator  File "/usr/lib/python3/dist-packages/CommandNotFound/db/creator.py", line 11, in <module>  import apt_pkg  ModuleNotFoundError: No module named 'apt_pkg'  Error in sys.excepthook:  Traceback (most recent call last):  File "/usr/lib/python3/dist-packages/apport_python_hook.py", line 63, in apport_excepthook  from apport.fileutils import likely_packaged, get_recent_crashes  File "/usr/lib/python3/dist-packages/apport/__init__.py", line 5, in <module>  from apport.report import Report  File "/usr/lib/python3/dist-packages/apport/report.py", line 30, in <module>  import apport.fileutils  File "/usr/lib/python3/dist-packages/apport/fileutils.py", line 23, in <module>  from apport.packaging_impl import impl as packaging  File "/usr/lib/python3/dist-packages/apport/packaging_impl.py", line 24, in <module>   import apt   File "/usr/lib/python3/dist-packages/apt/__init__.py", line 23, in <module>   import apt_pkg   ModuleNotFoundError: No module named 'apt_pkg'   
  2. ctrl+alt+t command does not open gnome terminal

My Questions are :

  1. Is there any solution to recover?


  2. How can I reset ubuntu default?