Jo Shields

@crepererum @marcan hum? Both rpm and deb packages can run arbitrary scripts as root on install without extra user intervention. Installing a package is giving root on your system to the package uploader.

3 comments
crepererum

@directhex @marcan yes, but these are extras and not used by the majority of packages. For most packages it's just placing files. And even the scripts that do run are more limited in scope than a shell script that tries to do everything.

Jo Shields

@crepererum @marcan are you verifying this statement, or merely assuming? I was a Debian Developer for 14 years. Just because a deb *can* contain nothing but files, doesn’t in any way prevent a maintainer from doing whatever they like in postinst

crepererum

@directhex @marcan DO the majority of the packages use postinst or COULD they use it?
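
The question in this thread can be measured on a given Debian-based system. The script below is an added example, not code from any of the posters; it assumes the usual dpkg layout in which each installed package has a `<name>.list` file and optional `<name>.preinst`, `.postinst`, `.prerm` and `.postrm` maintainer scripts in the info directory (`/var/lib/dpkg/info` by default). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: measure how many installed packages ship maintainer scripts,
# i.e. code that dpkg runs as root during install or removal.

# maintainer_script_stats [DIR]
# Prints "total any_script postinst" for the given dpkg info directory.
maintainer_script_stats() {
    dir=${1:-/var/lib/dpkg/info}
    total=0
    any=0
    postinst=0
    for list in "$dir"/*.list; do
        # An empty directory leaves the glob unexpanded; skip that case.
        if [ ! -e "$list" ]; then continue; fi
        pkg=${list%.list}
        total=$((total + 1))
        found=0
        for s in preinst postinst prerm postrm; do
            if [ -f "$pkg.$s" ]; then found=1; fi
        done
        any=$((any + found))
        if [ -f "$pkg.postinst" ]; then postinst=$((postinst + 1)); fi
    done
    echo "$total $any $postinst"
}

# list_postinst_packages [DIR]
# Prints the name of every package that has a postinst script, one per line,
# so the scripts themselves can be opened and reviewed.
list_postinst_packages() {
    dir=${1:-/var/lib/dpkg/info}
    for script in "$dir"/*.postinst; do
        if [ ! -e "$script" ]; then continue; fi
        name=${script##*/}
        echo "${name%.postinst}"
    done
}
```

Calling `maintainer_script_stats` with no argument reads the live dpkg database. The counts only show how often scripts are present, not what they do, so the names from `list_postinst_packages` are the starting point for reading the scripts.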
