Bug#523745: please log sha1sum of installed debs

2009-04-13 Thread Guillem Jover
Hi! On Sun, 2009-04-12 at 11:29:38 +0200, Holger Levsen wrote: package: dpkg severity: wishlist tags: security version: 1.14.25 during a discussion about how to compromise the security of a Debian system I noticed that /var/log/dpkg.log just logs the version number of the packages

Bug#523745: please log sha1sum of installed debs

2009-04-12 Thread Holger Levsen
package: dpkg severity: wishlist tags: security version: 1.14.25 Hi, during a discussion about how to compromise the security of a Debian system I noticed that /var/log/dpkg.log just logs the version number of the packages installed, thus one can inject an on-the-fly-modified .deb with the same

Bug#523745: please log sha1sum of installed debs

2009-04-12 Thread Raphael Hertzog
tag 523745 - security thanks On Sun, 12 Apr 2009, Holger Levsen wrote: during a discussion about how to compromise the security of a Debian system I noticed that /var/log/dpkg.log just logs the version number of the packages installed, thus one can inject an on-the-fly-modified .deb with the

Bug#523745: please log sha1sum of installed debs

2009-04-12 Thread Holger Levsen
Hi, On Sunday, 12 April 2009, Raphael Hertzog wrote: How can you tag this security while saying provided that the user doesn't care of the security. I was waking up (finishing my mental backlog from yesterday) and thought of a different meaning of security: affecting security, not causing

Bug#523745: please log sha1sum of installed debs

2009-04-12 Thread Raphael Hertzog
On Sun, 12 Apr 2009, Holger Levsen wrote: And if the package is doing nasty things, it can also edit /var/log/dpkg.log. Not if the file has the immutable, only append bit set. Nothing forbids the maintainer script to call chattr and remove that flag temporarily. Cheers, -- Raphaël