basic - continued

Odd iodine at
Sat Feb 6 13:49:51 UTC 2010

Elizabeth Krumbach wrote:
> On Sat, Feb 6, 2010 at 7:54 AM, Odd <iodine at> wrote:
>>> I know that I said there were no viruses but I did some research and
>>> found this!! READ THIS EVERYONE!!
>>> So the key here is not to be stupid and also only install from Ubuntu
>>> repositories!
>> But there is a difference between Linux and Windows here. This
>> will not give the malware root access, unless there are some
>> unpatched flaw it can leverage.
> Actually, while this particular one didn't, a command in a pre/post
> install script in the package (which you're running with root
> permissions through apt or synaptic) could easily do something like
> enable the root account for an attacker to access, change
> ownership/permissions of vital system files, delete things, phone
> home... anything root can do and which can be scripted.

Good point.

> Given this major risk, Paul Tagliamonte actually ran a whole session
> about using trusted software at our recent Ubuntu User Days on IRC:

Yeah, as long as the repositories aren't compromised, like what
happened with Debian a few years back.


More information about the ubuntu-users mailing list