On Mon, 30 Sep 2019 19:46:28 +0200 Gonzalo Pérez de Olaguer Córdoba <s...@gpoc.es> wrote:
> Hi, Jochen. > > El Mon, 30 Sep 2019 19:29:34 +0200 > "J. Fahrner via Dng" <dng@lists.dyne.org> escribió: > > > I just came across a security problem. The application > > signal-desktop could not be started anymore because a file from the > > electron framework did not set a setuid bit > > (https://github.com/signalapp/Signal-Desktop/issues/3536). > > For the sandbox feature this obviously needs root privileges. > > It creeps me out when an application from an untrusted source > > installs programs with root privileges without me even noticing it. > > How can I protect myself against this? Is there a way to check > > Debian packages for a setuid bit set, e.g. in the post-install > > script? > > See the manpage for dpkg-statoverride(1) > and the file /val/lib/dpkg/statoverride > > Cheers. > Why in gods name does a centralized instant messenger require root privileges on your machine? _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
