[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <TheMailAgent.1aaf8f712c0ad5d@211a1cc47aa284d93edfd>
Date: Tue, 19 Jul 2005 12:04:17 +0300 (IDT)
From: Alexander Klimov <alserkli@...ox.ru>
Cc: bugtraq@...urityfocus.com
Subject: Re: Installation of software, and security. . .
On Sat, 16 Jul 2005, John Richard Moser wrote:
> Windows installation has two paths:
> [...]
>
> Debian follows a slightly different model consisting of multiple steps:
> [...]
>
> The common factor in each of these methods is that third party code is
> run with privileged access before, during, or after the installation.
> This may be a problem.
There is also a great difference between what you call `third party:'
it is really `third' in Windows case (you and MS are the first and the
second), but in case of Debian most often it is not `third party code'
because it is the code prepared/checked and signed by the second party
(Debian) and so the code is trusted (you have to trust your OS
vendor).
If you get some software from somebody you can not trust then your
best bet is to run it inside some separated environment (as a separate
user, from vmware, etc.)
BTW: some package management systems do ask about executing code, for
example, the pkgadd utility warns you that some scripts must be
executed with super-user permissions.
--
Regards,
ASK
Powered by blists - more mailing lists