Hi Olaf!

Olaf van der Spek [2005-08-22 19:28 +0200]:
> > If we're starting to worry about what kind of damage a DD can do to the
> > world by providing some bogus uploads, let's just not. Any DD can cause
> > code to be executed as root on a potentially very big number of machines
> > world wide, source-only uploads or not, and there are many ways to
> > obfuscate malicious code within a big, complex application.

Full ack.

> With a (far) better privilege system you could avoid running most if
> not all code as root, but that's another topic.

No, you can't. The naming (whether you call it root or whatever) is
insignificant. You can't write down a set of rules that describe which
actions are deemed "good" and "bad", and since packages do need fairly
many privileges to install and change files in a system, and execute
code (postinst, etc.), you can always screw up users' systems with a
malicious package.

That's why we mainly trust developers, not heuristics on the buildds.

Martin

--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org