On 9/28/05, Simon Geard <[EMAIL PROTECTED]> wrote: > Doesn't matter. If a malicious package can already install to > directories in $PATH, it can replace or override an existing program > already being run by the scripts you're trying to secure. > > For instance, one of the first things /etc/rc.d/init.d/rc does is run > 'stty sane'. Replace the stty command with a something malicious, and > it doesn't matter how well secured the boot scripts are.
As per the pkg-user hint, one pkg cannot overwrite a file that is owned by another pkg. But what it can do is to install an indentically named executable in a different location. For example, it can install /usr/bin/stty which may be executed ahead of /bin/stty depending on the PATH settings. -- Tushar Teredesai mailto:[EMAIL PROTECTED] http://www.linuxfromscratch.org/~tushar/ -- http://linuxfromscratch.org/mailman/listinfo/blfs-support FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
