Date: Tue, 19 Jul 2005 12:04:17 +0300 (IDT)
From: Alexander Klimov <alserkli@...ox.ru>
Cc: bugtraq@...urityfocus.com
Subject: Re: Installation of software, and security. . .


On Sat, 16 Jul 2005, John Richard Moser wrote:
> Windows installation has two paths:
> [...]
>
> Debian follows a slightly different model consisting of multiple steps:
> [...]
>
> The common factor in each of these methods is that third party code is
> run with privileged access before, during, or after the installation.
> This may be a problem.

There is also a great difference between what you call `third party:'
it is really `third' in the Windows case (you and MS are the first and
the second), but in the case of Debian most often it is not `third
party code' because it is the code prepared/checked and signed by the
second party (Debian) and so the code is trusted (you have to trust
your OS vendor).

If you get some software from somebody you cannot trust, then your
best bet is to run it inside some separated environment (as a separate
user, from vmware, etc.)

BTW: some package management systems do ask about executing code, for
example, the pkgadd utility warns you that some scripts must be
executed with super-user permissions.

-- 
Regards,
ASK

