BugTraq
Re: Installation of software, and security. . . Jul 19 2005 04:46PM
Matt Beaumont (mbeaumon cs hmc edu) (1 replies)
Pointless discussion (was Re: Installation of software, and security. . .) Jul 19 2005 09:37PM
David F. Skoll (dfs roaringpenguin com)
Matt Beaumont wrote:

> Good idea in principle, but a malicious package will just arrange to
> tell J. Random User to run the install with whatever dangerous flags
> allow the malware to do its thing,

This whole discussion is entirely pointless.

On modern systems, installing software is *by definition* highly
dangerous, no matter what. If you let someone drop files in places of
their choosing (or even with a few restrictions), you've basically
agreed to give up control of your machine.

Consider how many packages need to install startup scripts or cron jobs.
And consider how those could be used to compromise a system.

--
David.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus