
Re: The Python Registrar



On Sun, Feb 24, 2002 at 05:38:25PM +0100, Carel Fellinger wrote:
> Are you sure all package names are sane?  Or could some joker distribute a
> (non official of course) python package with a name just waiting to exploit
> this unsanitized use of its name in a script running as root?

Huh? Aren't these things only called after the package is installed (or while
it's installing)? In which case, the joker's non-official python package has
already had its postinst run as root, and the joker already has complete
control of your machine.

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
We came. We Saw. We Conferenced. http://linux.conf.au/

  ``Debian: giving you the power to shoot yourself in each 
       toe individually.'' -- with kudos to Greg Lehey


