On 02/15/2009 05:26 PM, Boyd Stephen Smith Jr. wrote:
On Sunday 15 February 2009 15:48:37 Ron Johnson wrote:[W]hat's to stop Joe Wannabe from doing this? $ sudo dpkg -i NakedBrittany.debWhat's to stop Joe Wannabe from doing this? sudo rm -rf The Great American Novell / Movie Neither is an actual security issue.
Depends, I guess, on your definition of "security". Both require user interaction, and while the "sudo rm" certainly would be a disaster, installing NakedBrittany.deb would/could install a rootkit, keystroke logger, etc, etc.
and the other thru a poorly-working (official) Debian patch to ssh. (Or was it SSL?)I don't recall this actually causing the Debian servers to be compromised.
Ah, you're right. It was back in July 2006 that gluck got compromised. -- Ron Johnson, Jr. Jefferson LA USA Supporting World Peace Through Nuclear Pacification