Re: Future security problem (was Re: be careful with Replaces, please)

[Raul Miller <rdm@test.legislate.com>]

Brandon Mitchell <bhmit1@mail.wm.edu> wrote:
> I can see a security problem with this.  

Absolutely:  pre/post inst/rm scripts run as root, this is the security
problem to dwarf all other security problems.

Our defense is a wide audience.  The more people we have looking at the
system, the better our chances are of noticing something untoward.
Basicaly, it's an application of "you can't fool all the people all of
the time", and "real security is a social problem more than a technical
problem".

Also, it's a given that the closer you are to the cutting edge, the
less security you have.  We'd do better here if some security-concious
folks were auditting our packages in controlled "burn-in" environments
as well as in wide-open gauntlets.  However, this is a job for someone
with the need and the resources (e.g. governments -- the more the 
merrier).  We'd also need some way of keeping the security folks from
squelching future development...

All of this smells like phd-thesis or research material, to me.

-- 
Raul



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .