At the moment my system has 876 packages installed. They were all installed by root. Each package gets a chance to run an arbitrary shell script as root, so it seems to me that there must have been much more than 876 opportunities for my system to get utterly destroyed by absolute strangers. So far, none of them decided to do me in. It's surprising it all works so well.
This leads to some questions:

1. Have there been problems with people submitting malicious packages, or packages that were so buggy they might as well have been malicious? If so, what happened?

2. Are there any ideas about how to tighten this up a bit? Here are some vague ideas:

2a. I can vaguely imagine something where many packages run their installation scripts under a user id unique to that package, so the installation script is therefore unable to arbitrarily destroy everything.

2b. It might be possible to do it with only one special user id for package installs, where a root process chowns everything owned by the package after the install script is complete, and chowns it back before an uninstall script runs. You'd need a separate database that lists which files got chowned so you'll know to chown them back later.

2c. Perhaps something like XFS access lists could be used (if everyone were running XFS) or SELinux or LIDS (where did the .deb for LIDS go, by the way?). I have no experience with any of these, so this may be nonsense.

I don't see a clear path to doing this the "right" way, where chaos is prevented by something more substantial than a social convention. I have to admit that the social convention is working very well at the moment, though.

-- 
Tim Freeman [EMAIL PROTECTED]
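Idea 2b sketched as an added Python example (not from the post above or any Debian tool): the maintainer script runs demoted to one dedicated install uid, a root-side reconciler then chowns what that uid left behind and records every path in a per-package ledger, and the uninstall path hands those files back before the prerm script runs. It assumes a maintainer script that honours a `DESTDIR` variable and a JSON ledger directory; the reconciler is meant to run as root, though with the same uid for both roles it also runs unprivileged.

```python
"""Sketch of idea 2b: run a maintainer script as a dedicated unprivileged
uid, then have root reconcile ownership and keep a ledger so the files
can be handed back before the uninstall script runs."""
import json
import os
import subprocess
from pathlib import Path


def _snapshot(root: Path) -> set:
    """All paths currently under root (used to spot what the script created)."""
    return {str(p) for p in root.rglob("*")}


def _run_as(script: Path, root: Path, uid: int) -> None:
    """Run a maintainer script with DESTDIR=root, dropping to uid first."""
    demote = None if uid == os.getuid() else (lambda: os.setuid(uid))
    subprocess.run(["/bin/sh", str(script)], cwd=root, check=True,
                   env={"DESTDIR": str(root), "PATH": "/usr/bin:/bin"},
                   preexec_fn=demote)


def install_package(pkg: str, postinst: Path, root: Path, ledger_dir: Path,
                    install_uid: int, owner_uid: int = 0) -> list:
    """Run postinst as install_uid, chown what it left behind to owner_uid,
    and record every chowned path in a per-package ledger. Returns the list."""
    before = _snapshot(root)
    _run_as(postinst, root, install_uid)
    chowned = []
    for p in sorted(_snapshot(root) - before):
        if os.lstat(p).st_uid == install_uid:  # only files the script made
            os.lchown(p, owner_uid, -1)        # -1 leaves the group alone
            chowned.append(p)
    ledger_dir.mkdir(parents=True, exist_ok=True)
    (ledger_dir / f"{pkg}.json").write_text(json.dumps(chowned))
    return chowned


def remove_package(pkg: str, prerm: Path, root: Path, ledger_dir: Path,
                   install_uid: int) -> list:
    """Hand the ledgered files back to install_uid, run prerm as that uid,
    then drop the ledger. Returns the paths that were handed back."""
    ledger = ledger_dir / f"{pkg}.json"
    paths = [p for p in json.loads(ledger.read_text()) if os.path.lexists(p)]
    for p in paths:
        os.lchown(p, install_uid, -1)
    _run_as(prerm, root, install_uid)
    ledger.unlink()
    return paths
```

Anything the demoted script could not write as the install uid never reaches the ledger, which is exactly the containment the idea is after.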