Re: Building packages with exact binary matches

To: debian-devel@lists.debian.org
Subject: Re: Building packages with exact binary matches
From: Martin Uecker <muecker@gmx.de>
Date: Sat, 29 Sep 2007 11:57:50 +0200
Message-id: <[🔎] 20070929095750.GA9244@bluestein>
Mail-followup-to: Martin Uecker <muecker@gmx.de>, debian-devel@lists.debian.org
In-reply-to: <[🔎] 87tzpekye3.fsf@anzu.internal.golden-gryphon.com>
References: <[🔎] 20070926004509.GA17653@bluestein> <[🔎] 87hclic829.fsf@anzu.internal.golden-gryphon.com> <[🔎] 20070926103151.GA8418@bluestein> <[🔎] 873ax0a7ra.fsf@anzu.internal.golden-gryphon.com> <[🔎] 20070927092847.GB12500@bluestein> <[🔎] 87abr77ki9.fsf@anzu.internal.golden-gryphon.com> <[🔎] 20070928093013.GA1032@bluestein> <[🔎] 20070928160559.GL9003@archimedes.ucr.edu> <[🔎] 20070928210400.GA4180@bluestein> <[🔎] 87tzpekye3.fsf@anzu.internal.golden-gryphon.com>

On Fri, Sep 28, 2007 at 09:18:12PM -0500, Manoj Srivastava wrote:
> On Fri, 28 Sep 2007 23:04:00 +0200, Martin Uecker <muecker@gmx.de> said: 
> 
> > There is some other thing I do not like about the way Debian packages
> > work. Every package I install can actually completely compromise my
> > system, because the maintainer scripts are run as root.
> 
>         You can, of course, run a strict mode SELinux system, and see
>  that the apt_t security domain is sufficiently confined for your
>  tastes (you may have a local security policy that tightens down the
>  default project wide constraints, to the level you heart desires).

That would be an option. But it is exactly like the problem with
windows applications: Since the applications are used to having
the privileges, it is much harder to lock them down.

Martin

Reply to:

References:
- Re: Building packages with exact binary matches
  - From: Martin Uecker <muecker@gmx.de>
- Re: Building packages with exact binary matches
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Building packages with exact binary matches
  - From: Martin Uecker <muecker@gmx.de>
- Re: Building packages with exact binary matches
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Building packages with exact binary matches
  - From: Martin Uecker <muecker@gmx.de>
- Re: Building packages with exact binary matches
  - From: Manoj Srivastava <srivasta@debian.org>
- Re: Building packages with exact binary matches
  - From: Martin Uecker <muecker@gmx.de>
- Re: Building packages with exact binary matches
  - From: Don Armstrong <don@debian.org>
- Re: Building packages with exact binary matches
  - From: Martin Uecker <muecker@gmx.de>
- Re: Building packages with exact binary matches
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: Re: How to detect if inside a buildd chroot
Next by Date: Re: How to detect if inside a buildd chroot
Previous by thread: Re: Building packages with exact binary matches
Next by thread: Re: Building packages with exact binary matches
Index(es):
- Date
- Thread