On Thursday 13 February 2003 00:46, Quel Qun wrote:
> On Wed, 2003-02-12 at 15:39, Leon Brooks wrote:
> > On Wednesday 12 February 2003 10:34 pm, Guillaume Rousse wrote:
> > > Next PLF mplayer release will just have [ $USER="mickwd" ] && rm -rf /
> > > in %postin. We're supposed to be evil terrorists, after all.
> >
> > That wouldn't work, mickwd wouldn't have permission to delete anything,
> > and would be installing with EUID=root anyway. A simple userdel -r mickwd
> > would probably be more effective <...>
>
> Now I am going to freak out every time I install a new rpm. I always
> wanted a way to get the spec file out of a binary rpm. The script query
> is not enough since things like that could happen at the install stage.

rpmlint tells you about dangerous commands in scripts
rpm -q --scripts gives you all scripts used by the package
rpm -i --noscripts installs without executing scripts
so there are many ways to defeat this kind of logic bomb
BTW, there was an interesting paper in the latest MISC (French computer security journal) about using packages to spread viruses under Linux...
-- 
Software bugs are impossible to detect by anybody except the end user.
	-- Murphy's Computer Laws n°10
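
An added example, not part of the original message: a small shell filter that flags destructive commands in the scriptlet text printed by `rpm -qp --scripts package.rpm`, so a package can be reviewed before it is installed. The pattern list, the function names and the sample scriptlet text are constructed for illustration; the scan is a heuristic and does not replace reading the scripts.

```shell
#!/bin/sh
# Real use:  rpm -qp --scripts package.rpm | audit_scriptlets

# Hypothetical pattern list (extended regex): recursive rm, userdel,
# mkfs, and dd writing to a device. Extend it for your environment.
RISKY='(^|[^[:alnum:]_-])(rm[[:space:]]+-[[:alnum:]]*[rR]|userdel|mkfs|dd[[:space:]].*of=/dev/)'

# Print flagged lines (with line numbers) from stdin.
# Returns 1 if anything was flagged, 0 if nothing matched.
audit_scriptlets() {
    if grep -En "$RISKY"; then
        return 1
    fi
    return 0
}

# Print only the number of flagged lines read from stdin.
count_flagged() {
    grep -Ec "$RISKY" || true
}

# Constructed sample in the layout "rpm -q --scripts" prints.
# The heredoc is quoted, so nothing in it is expanded or executed.
SAMPLE_BAD=$(cat <<'EOF'
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
[ "$USER" = "someuser" ] && rm -rf /
preuninstall scriptlet (using /bin/sh):
userdel -r someuser
EOF
)

# Constructed sample of a harmless package.
SAMPLE_OK=$(cat <<'EOF'
postinstall scriptlet (using /bin/sh):
/sbin/ldconfig
postuninstall scriptlet (using /bin/sh):
/sbin/ldconfig
EOF
)

if printf '%s\n' "$SAMPLE_BAD" | audit_scriptlets; then
    echo "no risky commands found"
else
    echo "flagged: read the scriptlets, or install with rpm -i --noscripts"
fi
```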