Re: Viruses

From: Alan Shutko <ats acm org>
To: gnome-list gnome org
Subject: Re: Viruses
Date: 06 Jul 1999 17:24:25 -0500

Bruce Stephens <bruce@cenderis.demon.co.uk> writes:

> (rpm can do other
> stuff, too, like run ldconfig.  I'm not sure how careful it is about
> what a package can ask it to do, so there's a potential loophole, I
> suppose.) 

There's the rub.  RPM pre and post install/uninstall scripts can do
anything they want.  It's not obvious to me how one would look at
those scripts when getting a package, though I assume you could
rpm2cpio it and look.  But not many people are going to do that, so
it's a vulnerability.  (You can turn off those scripts with
--notriggers... anyone know how to look the script while it's in the
rpm?)


-- 
Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
Check http://rescomp.wustl.edu/~ats/ for a resume.
Break into jail and claim police brutality.

Follow-Ups:
- Re: Viruses
  - From: Bruce Stephens
- Re: Viruses
  - From: James Henstridge
- Re: Viruses
  - From: allbery

References:
- Viruses
  - From: lauris
- Re: Viruses
  - From: Bruce Stephens

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]