Sudo even more secure
Jan Claeys
lists at janc.be
Wed Mar 22 10:29:44 GMT 2006
Op wo, 22-03-2006 te 01:38 -0500, schreef John Richard Moser:
> Similarly, the synaptic-apt-dpkg stack could be modified to take
> --jradmin to mean that ONLY signed packages could be used; ONLY the
> repositories given can supply packages; repositories CANNOT be
> modified; and the GPG keys CANNOT be changed. This would allow for
> software installation and removal without opening a hole re 'dpkg -i
> baseutils_upgrade_with_rootkit.deb'.
This reminds me about something I have been thinking about for some time
now: I think (something like) apt & dpkg doesn't/shouldn't really *need*
root privileges, except for some limited number of system packages?
--
Jan Claeys
More information about the ubuntu-devel
mailing list