Re: Viruses
- From: Alan Shutko <ats acm org>
- To: gnome-list gnome org
- Subject: Re: Viruses
- Date: 06 Jul 1999 17:24:25 -0500
Bruce Stephens <bruce@cenderis.demon.co.uk> writes:
> (rpm can do other
> stuff, too, like run ldconfig. I'm not sure how careful it is about
> what a package can ask it to do, so there's a potential loophole, I
> suppose.)
There's the rub. RPM pre and post install/uninstall scripts can do
anything they want. It's not obvious to me how one would look at
those scripts when getting a package, though I assume you could
rpm2cpio it and look. But not many people are going to do that, so
it's a vulnerability. (You can turn off those scripts with
--notriggers... anyone know how to look the script while it's in the
rpm?)
--
Alan Shutko <ats@acm.org> - Looking for a job in Long Island!
Check http://rescomp.wustl.edu/~ats/ for a resume.
Break into jail and claim police brutality.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]