Study: Attacks on package managers (inclusing apt)

To: debian-security@lists.debian.org
Subject: Study: Attacks on package managers (inclusing apt)
From: Daniel Leidert <daniel.leidert.spam@gmx.net>
Date: Thu, 17 Jul 2008 16:46:54 +0200
Message-id: <1216306014.31418.6.camel@localhost>

Hi all,

Today there were some news about a study from the University of Arizona
regarding security issues with package management systems (like apt). I
did not yet read the whole study, but probably it's interesting for the
project (they write about "vulnerabilities"). The study is here:

http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html

and some ongoing discussion here:

http://lwn.net/Articles/289883/

(maybe some of you are already involved in the discussion there).

I'm sorry, if this has already been brought up. I did not find a posting
regarding this study, so I hereby start this thread).

Regards, Daniel

Reply to:

Follow-Ups:
- Re: Study: Attacks on package managers (inclusing apt)
  - From: Michael Stone <mstone@debian.org>
- Re: Study: Attacks on package managers (inclusing apt)
  - From: Johannes Wiedersich <johannes@physik.blm.tu-muenchen.de>

Prev by Date: Re: [SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation
Next by Date: Re: Study: Attacks on package managers (inclusing apt)
Previous by thread: Re: [SECURITY] [DSA 1611-1] New afuse packages fix privilege escalation
Next by thread: Re: Study: Attacks on package managers (inclusing apt)
Index(es):
- Date
- Thread