> On Friday 22 Oct 2004 05:31, Mikkel L. Ellertson wrote: >> John Wilson wrote: >> >> <------------- snip ------------> >> >> >> John, >> I think you did a great job of summing it up. But one thing I have >> never seen talked about as a way to get a virus into a Linux system is >> to include it in an RPM. Lets face it, how many people actualy check >> the scripts that are run when an rpm is installed? Do you check that it >> is signed properly? (I know urpmi will check, but I also remember >> problem with package signitures talked about on the lists...) Remember, >> almost all RPMs are installed by root, so any scripts an RPM runs are >> also run by root. And all that is needed is to hack an update mirror >> site to infect a large number of machines... >> > Which is why you should be extremely careful about any software that does > not > come from known and trusted sources. Reputable sources do have checks > built > in to make sure they start with safe packages and their boxes are not > cracked. As always, the ultimate check is your own care and common sense. > > Anne
So how exactly does one safeguard against a trojan when installing an RPM?
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________