Dude, and I thought I'm paranoid :) Even I trust the debian sources in /etc/apt/sources.list, not without the PGP key or MD5 of course.
Just make sure the digital signature and/or MD5 checksum comes from a trusted source. Unless, of course, you want to write your own code. :)

-Anne

On Wed, Apr 17, 2002 at 09:52:24PM -0700, Tim Freeman wrote:
> At the moment my system has 876 packages installed. They were all
> installed by root. Each package gets a chance to run an arbitrary
> shell script as root, so it seems to me that there must have been much
> more than 876 opportunities for my system to get utterly destroyed by
> absolute strangers. So far, none of them decided to do me in. It's
> surprising it all works so well.
>
> This leads to some questions:
>
> 1. Have there been problems with people submitting malicious packages,
> or packages that were so buggy they might as well have been malicious?
> If so, what happened?
>
> 2. Are there any ideas about how to tighten this up a bit? Here are
> some vague ideas:
>
> 2a. I can vaguely imagine something where many packages run their
> installation scripts under a user id unique to that package, so the
> installation script is therefore unable to arbitrarily destroy
> everything.
>
> 2b. It might be possible to do it with only one special user id for
> package installs, where a root process chowns everything owned by
> the package after the install script is complete, and chowns it
> back before an uninstall script runs. You'd need a separate
> database that lists which files got chowned so you'll know to chown
> them back later.
>
> 2c. Perhaps something like XFS access lists could be used (if everyone
> were running XFS) or SELinux or LIDS (where did the .deb for LIDS go,
> by the way?) I have no experience with any of these, so this may be
> nonsense.
>
> I don't see a clear path to doing this the "right" way, where chaos is
> prevented by something more substantial than a social convention.
>
> I have to admit that the social convention is working very well at the
> moment, though.
>
> --
> Tim Freeman
> [EMAIL PROTECTED]

--
Anne Carasik, System Administrator
[EMAIL PROTECTED]
Center for Advanced Computing Research
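The check Anne describes, verifying a downloaded package against checksums published in a trusted index, written out as an added example (it is not code from this thread, from Debian, or from apt). The manifest format imitates a Debian Packages stanza (the field names `Filename`, `Size`, `MD5sum` and `SHA256` are real Debian index fields); the package contents and the `build_manifest`, `parse_manifest` and `verify_package` helpers are constructed here for the example, so it runs offline. The point the code makes is that the index itself is the thing that must come from a trusted, signed source: the digest comparison only tells you the file matches what the index says.

```python
"""Verify downloaded package files against a checksum manifest (added example)."""
import hashlib


def build_manifest(packages):
    """Produce Packages-style stanzas from {filename: bytes}.

    Stands in for the index a mirror publishes; in practice that index is
    what the archive's PGP signature covers, so trust flows from the
    signature to the index to each package digest.
    """
    stanzas = []
    for name, data in packages.items():
        stanzas.append(
            f"Package: {name.split('_')[0]}\n"
            f"Filename: pool/main/{name}\n"
            f"Size: {len(data)}\n"
            f"MD5sum: {hashlib.md5(data).hexdigest()}\n"
            f"SHA256: {hashlib.sha256(data).hexdigest()}\n"
        )
    return "\n".join(stanzas)


def parse_manifest(text):
    """Parse blank-line-separated stanzas into {basename: {field: value}}."""
    entries = {}
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            if ":" in line:
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Filename" in fields:
            entries[fields["Filename"].rsplit("/", 1)[-1]] = fields
    return entries


def verify_package(name, data, manifest):
    """Return (ok, reason) for one downloaded file.

    Fails closed: a file the manifest does not list, a size mismatch, or
    any digest mismatch rejects it. SHA256 is checked whenever the index
    carries it, because MD5 collisions are practical today; MD5 alone is
    only a transport-corruption check, not an integrity guarantee.
    """
    entry = manifest.get(name)
    if entry is None:
        return False, "not listed in manifest"
    if "Size" in entry and int(entry["Size"]) != len(data):
        return False, "size mismatch"
    if hashlib.md5(data).hexdigest() != entry.get("MD5sum"):
        return False, "MD5 mismatch"
    if "SHA256" in entry and hashlib.sha256(data).hexdigest() != entry["SHA256"]:
        return False, "SHA256 mismatch"
    return True, "ok"


# Constructed sample "packages": arbitrary bytes standing in for .deb files.
GOOD_PACKAGES = {
    "hello_2.0_i386.deb": b"!<arch>\nhello-2.0 sample contents\n",
    "ssh_3.4_i386.deb": b"!<arch>\nssh-3.4 sample contents\n",
}
# The manifest is built from the known-good copies; it plays the role of
# the signed index fetched from a trusted mirror.
TRUSTED_MANIFEST = parse_manifest(build_manifest(GOOD_PACKAGES))


def check_all(downloaded, manifest=TRUSTED_MANIFEST):
    """Verify every downloaded file; returns {name: (ok, reason)}."""
    return {n: verify_package(n, d, manifest) for n, d in downloaded.items()}


if __name__ == "__main__":
    # Simulate one file altered in transit without changing its length.
    tampered = dict(GOOD_PACKAGES)
    tampered["ssh_3.4_i386.deb"] = b"!<arch>\nssh-3.4 sample contentS\n"
    for pkg, (ok, why) in check_all(tampered).items():
        print(f"{pkg}: {'OK' if ok else 'REJECT'} ({why})")
```

Run it as a script to see the clean package accepted and the altered one rejected on its MD5. The size check before the digests is cheap and catches truncated downloads early; the manifest lookup by basename mirrors how an index entry's `Filename` is matched to a file in the pool.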