On Fri, Jul 11, 2008 at 07:36:44AM -0500, Ron Johnson wrote:
> http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html
>
> What are people's thoughts on this?

It's been known for quite a while. (I asked one of the guys publishing it, and he was fully aware of that, but felt it was still important to bring light to it.)

In any case, it's pretty hard to exploit as long as you have security updates on a different (trusted) server. The best thing you can do is DoS the process so the user's package management software crashes, or simply never update your mirror so users don't get updates.

/* Steinar */
--
Homepage: http://www.sesse.net/