Re: How to download a package?
----- Original Message -----
From: "Dean" <destruss@IowaTelecom.net>
To: "Karsten M. Self" <firstname.lastname@example.org>
Sent: Wednesday, April 25, 2001 9:37 PM
Subject: Re: How to download a package?
> >> I have also wondered on downloading as root, does this
> >> leave us open security wise? Dean
> >Note recent discussion on trimming quotations in responses and using
> >postfix response.
> My apologizes for improper e-etiquette. For me, it's easier to read
> only the reply and then scroll if I need to be refreshed, but I can see
> where it might be confusing.
> >Not significantly. However, minimizing activities run as root tends to
> >reduce your security exposure. If you do download live payload and
> >accidentally run it as root, you're in more danger than if you run it as
> >an unprivileged user. Running "advanced" file transfer utilities --
> >browsers, GUI FTP utilities, etc., may leave you open to automated
> >content handling, most of which confers a low benefit for the potential
> >risks involved.
> >root user is a powerful tool. It's best used only when needed.
> Agreed, however in order to run apt-get one needs to be root user,
> so my question was in regards to vulnerability during the retrieval of
> deb's during an apt-get install or upgrade or whatever. Specifically
> if while downloading, can we be probed and perhaps be open to
> hostile programs while we are apt-getting as root? Dean
> >Karsten M. Self <email@example.com> http://kmself.home.netcom.com/
> >What part of "Gestalt" don't you understand? There is no K5 cabal
> >http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org
> >----- Original Message -----
> >From: "Karsten M. Self" <firstname.lastname@example.org>
> >To: <email@example.com>
> >Sent: Wednesday, April 25, 2001 5:10 PM
> >Subject: Re: How to download a package?