[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The Python Registrar

On Mon, Feb 25, 2002 at 12:55:01PM +1000, Anthony Towns wrote:
> On Sun, Feb 24, 2002 at 05:38:25PM +0100, Carel Fellinger wrote:
> > Are you sure all package names are sane?  Or could some joker distribute a
> > (non official ofcourse) python package with a name just waiting to exploit
> > this unsanitized use of its name in a script running as root?
> 
> Huh? Aren't these things only called after the package is installed (or while
> it's installing)? In which case, the joker's non-official python package has
> already had it's postinst run as root, and the joker already has complete
> control of your machine.

Your right, I'm wrong and clearly overreacting.

-- 
groetjes, carel
Reply to: