On Mon, Aug 03, 1998 at 01:11:55AM -0500, Manoj Srivastava wrote:
> I realized, of course, after sending the message, that the pre
> and post inst scripts are run as root, while the binaries need never
> be. I am getting senile. Hmm.
>
> I guess we need to modify policy on this; and maybe require
> that all pre and post install and rm scripts need to be scripts for
> security purposes?

They're usually run before you get a chance to look at them anyway. I don't see the reasoning at all. If someone has a postinst doing Really Bad Things it will still hit people when it hits unstable. However, I think I would expect something like this would be very seriously dealt with considering it would have a PGP signature on it.