[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Building packages with exact binary matches

On Fri, Sep 28, 2007 at 09:18:12PM -0500, Manoj Srivastava wrote:
> On Fri, 28 Sep 2007 23:04:00 +0200, Martin Uecker <muecker@gmx.de> said: 
> > There is some other thing I do not like about the way Debian packages
> > work. Every package I install can actually completely compromise my
> > system, because the maintainer scripts are run as root.
>         You can, of course, run a strict mode SELinux system, and see
>  that the apt_t security domain is sufficiently confined for your
>  tastes (you may have a local security policy that tightens down the
>  default project wide constraints, to the level you heart desires).

That would be an option. But it is exactly like the problem with
windows applications: Since the applications are used to having
the privileges, it is much harder to lock them down.


Reply to: