Bugtraq mailing list archives

Re: Installation of software, and security. . .


From: Alexander Klimov <alserkli () inbox ru>
Date: Tue, 19 Jul 2005 12:04:17 +0300 (IDT)

On Sat, 16 Jul 2005, John Richard Moser wrote:
> Windows installation has two paths:
[...]

> Debian follows a slightly different model consisting of multiple steps:
[...]

> The common factor in each of these methods is that third party code is
> run with privileged access before, during, or after the installation.
> This may be a problem.

There is also a great difference between what you call `third party':
it is really `third' in the Windows case (you and MS are the first and
the second), but in the case of Debian most often it is not `third
party code' because it is the code prepared/checked and signed by the
second party (Debian) and so the code is trusted (you have to trust
your OS vendor).

If you get some software from somebody you cannot trust then your
best bet is to run it inside some separated environment (as a separate
user, from vmware, etc.).

BTW: some package management systems do ask about executing code, for
example, the pkgadd utility warns you that some scripts must be
executed with super-user permissions.

-- 
Regards,
ASK

