Message-ID: <42DD728C.9020401@roaringpenguin.com>
Date: Tue, 19 Jul 2005 17:37:16 -0400
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: bugtraq@...urityfocus.com
Subject: Pointless discussion (was Re: Installation of software, and security.
 . .)


Matt Beaumont wrote:

> Good idea in principle, but a malicious package will just arrange to
> tell J. Random User to run the install with whatever dangerous flags
> allow the malware to do its thing,

This whole discussion is entirely pointless.

On modern systems, installing software is *by definition* highly
dangerous, no matter what.  If you let someone drop files in places of
their choosing (or even with a few restrictions), you've basically
agreed to give up control of your machine.

Consider how many packages need to install startup scripts or cron jobs.
And consider how those could be used to compromise a system.

--
David.
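
The point about startup scripts and cron jobs can be checked before installing: the sketch below is an added example, not part of the original message, that flags entries in a package's file list which land in locations the system runs automatically. The directory table is an assumed typical Linux layout and the manifest is constructed sample data.

```python
import posixpath

# Locations whose contents are executed automatically, usually as root.
# Assumed typical Linux layout; extend for the system being audited.
AUTORUN_DIRS = {
    "cron": ["/etc/cron.d", "/etc/cron.hourly", "/etc/cron.daily",
             "/etc/cron.weekly", "/etc/cron.monthly", "/var/spool/cron"],
    "startup": ["/etc/init.d", "/etc/rc.d", "/etc/systemd/system",
                "/usr/lib/systemd/system"],
    "login": ["/etc/profile.d"],
}
AUTORUN_FILES = {"/etc/crontab": "cron", "/etc/rc.local": "startup",
                 "/etc/inittab": "startup"}


def classify(path):
    """Return 'cron', 'startup', 'login' or None for one manifest path."""
    # Manifests carry './etc/x' or 'etc/x'; resolve '.' and '..' so a
    # path such as 'usr/../etc/cron.d/job' cannot hide its destination.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    if norm in AUTORUN_FILES:
        return AUTORUN_FILES[norm]
    for kind, dirs in AUTORUN_DIRS.items():
        # Match on a full path component, so '/etc/cron.daily.bak/x'
        # is not mistaken for '/etc/cron.daily/x'.
        if any(norm.startswith(d + "/") for d in dirs):
            return kind
    return None


def audit(manifest):
    """Return (kind, original_path) for every auto-executed entry."""
    return [(kind, p) for p in manifest if (kind := classify(p))]


# Constructed sample file list for a hypothetical package 'exampled'.
SAMPLE_MANIFEST = [
    "./usr/bin/exampled",
    "./usr/share/doc/exampled/README",
    "./etc/init.d/exampled",
    "./etc/cron.daily/exampled-rotate",
    "usr/share/../../etc/profile.d/exampled.sh",
    "./etc/cron.daily.bak/notes",
]

if __name__ == "__main__":
    for kind, path in audit(SAMPLE_MANIFEST):
        print(f"{kind:8} {path}")
```

A clean result covers only the file payload; a package's install-time scripts run with the installer's privileges and need separate review.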



