Looking at Package Management for Karmic or Karmic+1

Matt Wheeler m at funkyhat.org
Sat Apr 4 17:23:29 UTC 2009


2009/4/4 Nils Kassube <kassube at gmx.net>:
> If you don't trust update-manager you would have to check everything
> after an update. I don't think anybody will do that even after
> providing the password. Most users don't even know what to look for to
> check the system.

That's not the point I'm trying to make. Maybe it's not as big an issue as I think, but I meant if update-manager had any possibility of crashing then perhaps a malicious user/program could use it to escalate privilieges (I've personally found 1 or 2 root escalation bugs in GDM for example, how would we guarantee not to have the same problems here)?


-- 
Matt Wheeler
m at funkyHat.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 270 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20090404/9b38492a/attachment.pgp>


More information about the Ubuntu-devel-discuss mailing list