On 02/15/2009 05:26 PM, Boyd Stephen Smith Jr. wrote:
On Sunday 15 February 2009 15:48:37 Ron Johnson wrote:
[W]hat's to stop Joe Wannabe from doing this?
$ sudo dpkg -i NakedBrittany.deb
What's to stop Joe Wannabe from doing this?
sudo rm -rf The Great American Novell / Movie
Neither is an actual security issue.
Depends, I guess, on your definition of "security". Both require
user interaction, and while the "sudo rm" certainly would be a
disaster, installing NakedBrittany.deb would/could install a
rootkit, keystroke logger, etc, etc.
and the
other thru a poorly-working (official) Debian patch to ssh. (Or was
it SSL?)
I don't recall this actually causing the Debian servers to be compromised.
Ah, you're right. It was back in July 2006 that gluck got compromised.
--
Ron Johnson, Jr.
Jefferson LA USA
Supporting World Peace Through Nuclear Pacification
--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
