On Fri, Sep 28, 2007 at 09:18:12PM -0500, Manoj Srivastava wrote: > On Fri, 28 Sep 2007 23:04:00 +0200, Martin Uecker <[EMAIL PROTECTED]> said: > > > There is some other thing I do not like about the way Debian packages > > work. Every package I install can actually completely compromise my > > system, because the maintainer scripts are run as root. > > You can, of course, run a strict mode SELinux system, and see > that the apt_t security domain is sufficiently confined for your > tastes (you may have a local security policy that tightens down the > default project wide constraints, to the level you heart desires).
That would be an option. But it is exactly like the problem with windows applications: Since the applications are used to having the privileges, it is much harder to lock them down. Martin
