Hi All,

Did anyone see this paper:

    A Look In the Mirror: Attacks on Package Managers
    http://www.cs.arizona.edu/~jhh/papers/ccs08.pdf

It suggests that anyone who has control of a mirror can cause client machines to install software created by the attacker or install an outdated version of a package with a vulnerability the attacker knows how to exploit.

Is anyone in Debian working on a response to this issue?

Cheers,
Erik
--
----------------------------------------------------------------------
Erik de Castro Lopo
http://www.mega-nerd.com/