On Fri, May 28, 2004 at 09:57:33PM +0200, Niels L. Ellegaard wrote:
> I have been looking at a few of the sites that offer unofficial
> debian packages, and I am somewhat confused about the security issues.
> I am not a great Linux guru, so I wonder how easy it would be to hide
> a rootkit in a binary package and submit it to apt-get.org or
> backports.org. Is this a serious risk or am I just being paranoid?

You are right. Basically, installing a *.deb package means allowing the creator of this package to gain root on your system and run any command he wishes. It can install a rootkit, or worse, it can run "rm -rf /" or "dd if=/dev/urandom of=/dev/hda" through a postinst script if it is a malicious package. So do not play with those packages on your mission-critical machine without checking them.

Osamu