Re: The Python Registrar
On Sun, Feb 24, 2002 at 05:38:25PM +0100, Carel Fellinger wrote:
> Are you sure all package names are sane? Or could some joker distribute a
> (non official ofcourse) python package with a name just waiting to exploit
> this unsanitized use of its name in a script running as root?
Huh? Aren't these things only called after the package is installed (or while
it's installing)? In which case, the joker's non-official python package has
already had it's postinst run as root, and the joker already has complete
control of your machine.
Cheers,
aj
--
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
We came. We Saw. We Conferenced. http://linux.conf.au/
``Debian: giving you the power to shoot yourself in each
toe individually.'' -- with kudos to Greg Lehey
Reply to: