Re: Debian package manager privilege escalation attack

To: debian-devel@lists.debian.org
Subject: Re: Debian package manager privilege escalation attack
From: Holger Levsen <holger@layer-acht.org>
Date: Thu, 12 Aug 2021 16:07:24 +0000
Message-id: <[🔎] 20210812160724.GA3921@layer-acht.org>
In-reply-to: <[🔎] 20210812131923.GA31061@layer-acht.org>
References: <[🔎] CAO6YxPyH5DKH8TB8o=EsE0CesqrqP_Uh1+5DiJOeJjaaY9bPng@mail.gmail.com> <[🔎] 31b54d97-15b4-7cc3-d083-1fe3a664ee91@thykier.net> <[🔎] a91c91916c65e7504d7a035063e08f9f4effffce.camel@hashvault.io> <[🔎] 20210812131923.GA31061@layer-acht.org>

On Thu, Aug 12, 2021 at 01:19:23PM +0000, Holger Levsen wrote:
> if those users are not trustworthy than the bug is giving them sudo,
> nothing else. (Debian does not give sudo to users by default. The default
> is to set a root password.)
> 
> if you give someone a gun for hunting (animals) and that person uses
> the gun for hunting people, the problem is not in the configuration of
> that gun, but that someone.

after some thinking I'd like to s#hunting (animals)#self defense#.

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- Debian package manager privilege escalation attack
  - From: Timothy M Butterworth <timothy.m.butterworth@gmail.com>
- Re: Debian package manager privilege escalation attack
  - From: Niels Thykier <niels@thykier.net>
- Re: Debian package manager privilege escalation attack
  - From: Brian Thompson <brian@hashvault.io>
- Re: Debian package manager privilege escalation attack
  - From: Holger Levsen <holger@layer-acht.org>

Prev by Date: Re: Debian package manager privilege escalation attack
Next by Date: Re: Debian package manager privilege escalation attack
Previous by thread: Re: Debian package manager privilege escalation attack
Next by thread: Re: Debian package manager privilege escalation attack
Index(es):
- Date
- Thread