On 02/16/2009 12:40 PM, H.S. wrote:
Ron Johnson wrote:On 02/16/2009 04:30 AM, Dave Sherohman wrote:On Sun, Feb 15, 2009 at 04:22:37PM -0300, Eduardo M KALINOWSKI wrote:But neither of these help in case a stupid user receives an e-mail saying: Run 'sudo dpkg -i FreePornPics.deb to see <insert celebrity name here>'s secret sex tape'.No, but it still wouldn't get far because, unlike all the major Windows malware threats, this requires the user to do actual *typing* (eww! yuck!) instead of just going clicky-clicky or auto-running as soon as the message is previewed.You have a point. However... Hooking file-roller into gksu and dpkg wouldn't be that hard. In fact, I wouldn't be surprised if that weren't already the case.I think Ubuntu does it.
Why am I *not* surprised?
You download a deb to your desktop, double click
on it and the GUI leads you through the installation after asking for
the sudo password. So, yes, you need to be an admin for this.
>
What I haven't seen yet is a deb which does not need even sudo privileges so that the package is installed in the user's own home directory. If this were practical, wouldn't be hard to envision a key logger being installed to record the user's login names and passwords. Is this something that is feasible?
Sure. The keylogger would have to add itself to the "autostart folder", but that's no mean feat.
-- Ron Johnson, Jr. Jefferson LA USA Supporting World Peace Through Nuclear Pacification