[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42DD728C.9020401@roaringpenguin.com>
Date: Tue, 19 Jul 2005 17:37:16 -0400
From: "David F. Skoll" <dfs@...ringpenguin.com>
To: bugtraq@...urityfocus.com
Subject: Pointless discussion (was Re: Installation of software, and security.
. .)
Matt Beaumont wrote:
> Good idea in principle, but a malicious package will just arrange to
> tell J. Random User to run the install with whatever dangerous flags
> allow the malware to do its thing,
This whole discussion is entirely pointless.
On modern systems, installing software is *by definition* highly
dangerous, no matter what. If you let someone drop files in places of
their choosing (or even with a few restrictions), you've basically
agreed to give up control of your machine.
Consider how many packages need to install startup scripts or cron jobs.
And consider how those could be used to compromise a system.
--
David.
Powered by blists - more mailing lists