Sudo even more secure

John Richard Moser nigelenki at comcast.net
Wed Mar 22 17:08:18 GMT 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Jan Claeys wrote:
> Op wo, 22-03-2006 te 01:38 -0500, schreef John Richard Moser:
>> Similarly, the synaptic-apt-dpkg stack could be modified to take
>> --jradmin to mean that ONLY signed packages could be used; ONLY the
>> repositories given can supply packages; repositories CANNOT be
>> modified; and the GPG keys CANNOT be changed.  This would allow for
>> software installation and removal without opening a hole re 'dpkg -i
>> baseutils_upgrade_with_rootkit.deb'.
> 
> This reminds me about something I have been thinking about for some time
> now: I think (something like) apt & dpkg doesn't/shouldn't really *need*
> root privileges, except for some limited number of system packages?
> 

You definitely want root access on package management.  Otherwise users
can remove other users' packages; install trojans and viruses; etc.

> 

- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond

    We will enslave their women, eat their children and rape their
    cattle!
                                     -- Evil alien overlord from Blasto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRCGEgAs1xW0HCTEFAQKpuQ/+I/IbhY0YUgg6g6ywX/TWJsJKy0X+AzMO
dW4D05qcCbAIUlqwze6xTTIWeabkvqCcpDoGgHrrap/rp7RRZH4U1cobvY4cABit
+6yV9/GnRb5dbupNiPJxHwnuXh1VLVLyjJb86phUx8bTsVoUfOv/N/iNY2QN7gfU
Y4dvvmmzepj4G+d2B97HjkkTrEJawmfjRbG8a/8UiT5oB1nqqs0gaS23M3NFhsIA
J+lCLv/qG9h2bnMR1tzYUeEHZa56TOgCcBDRskkpFamaYEVwc+kP0MgOPPY8BrLZ
iYWe9jqLn+uUAD2zUk/+ZbUx0V0ZuNJ2P2rGU6VpNHlYjyTJuyweZmDjhkFLBIKR
LxHvw1eRwRanFdTiACUuAo2ZiU/ewQ/332SV2kEA9c1aAj/GpPdm1WfDlG+0N7kU
EayA48FHOSqXnhL9KV+NFIHFwks5bJSfksBAiiYaTM1Xy7s4iKTzdq32soMCe861
uf4a0pZFw5OWtEf5f2C1TdV2QGz8eV5YPix4kwghgGdAjTMT0MH8NYFZP1/8klNb
Fc+EQ3PTGmnpLgCvml+17vcpwkh5mZbjmmRRXiHoOgFR0iW4GNPVu0gpEgBTHmwo
/dfSI63dtOc6wq6LC04ioz8Cx+WUxNLXzdzuQJV/SRZzZZbb3SYsn2Tw9Q2yg1MF
nHkRMhbTqDk=
=Trrs
-----END PGP SIGNATURE-----

More information about the ubuntu-devel mailing list