on Sat, Mar 31, 2001 at 07:40:45PM +0200, Roberto Diaz (rdiazmartin@vivaldi.ddts.net) wrote: > > Like every so-called Linux virus, it requires the user to behave stupidly > > - it's really a trojan horse. It has the same permission rules as any > > other program, so it can't change root-owned files, unless they are > > world-writable or you are running as root. > > The thing that's special about it is that it can infect both Windows and > > Linux executables - which is really quite impressive. Otherwise it's > > nothing special. > > What chances do we have to get a virus from a malicious .deb package > someone had leak into debian.org? > > We always run apt-get as root.. dont we? There have recently been some changes to the deb package format, including the ability to sign packages (a feature enabled on RPM for some time). I've only picked up part of the discussion, but it's a suggestion that's been outstanding for some time. It doesn't solve all problems, but it does tighten the holes a bit. Someone got a pointer to the discussion? I'll research later today. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What part of "Gestalt" don't you understand? There is no K5 cabal http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
Attachment:
pgpEqq8osncsQ.pgp
Description: PGP signature