[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Signing Packages.gz



On Mon, Apr 03, 2000 at 10:24:02AM +0200, Robert Bihlmeyer wrote:
> Nicolás Lichtmaier <nick@debian.org> writes:
> >  All packages can run things as root. Even the most simple game.
> Doing clandestine things in a install-script is harder than in a
> binary.

#!/bin/sh
/usr/games/mygame --update-score-file-format

...with the malicious code in the game source itself seems pretty
clandestine.

Self-modifying postinsts are probably possible too, with some care.

Cheers,
aj, thinking like a criminal since 1978

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG encrypted mail preferred.

 ``The thing is: trying to be too generic is EVIL. It's stupid, it 
        results in slower code, and it results in more bugs.''
                                        -- Linus Torvalds

Attachment: pgpkVfezZdJvx.pgp
Description: PGP signature


Reply to: