On Sun, Feb 24, 2002 at 05:38:25PM +0100, Carel Fellinger wrote:
> Are you sure all package names are sane? Or could some joker distribute a
> (non official of course) python package with a name just waiting to exploit
> this unsanitized use of its name in a script running as root?

Huh? Aren't these things only called after the package is installed (or while it's installing)? In which case, the joker's non-official python package has already had its postinst run as root, and the joker already has complete control of your machine.

Cheers,
aj

--
Anthony Towns <[EMAIL PROTECTED]> <http://azure.humbug.org.au/~aj/>
We came. We Saw. We Conferenced. http://linux.conf.au/

``Debian: giving you the power to shoot yourself in each toe individually.''
    -- with kudos to Greg Lehey