On Tuesday 13 February 2007 07:56:13 Aniello Del Sorbo wrote:
> Frantisek Dufka wrote:
> > Aniello Del Sorbo wrote:
> >> I mean, if my app needs to be called as "helloworld" and it looks at a
> >> conf file called "helloworld.conf", why do I have to copy the executable
> >> to /usr/bin and the conf file to /etc when I can just copy it to
> >> /usr/local/bin (owned or writable by 'user') and the conf file to
> >> /usr/local/etc? (just to give an example) and add /usr/local/bin to
> >> the path?
> >
> > Yes, it was similar except /usr/local was /var/lib/install. And it was
> > done in such a way that no package could ever put a file outside of
> > /var/lib/install (the only way that gives you some additional security
> > you probably want).
> >
> > So you had 2 classes of packages (system ones in / and user ones in
> > /var/lib/install), which made the system more complex and prevented you from
> > making 'system' packages, i.e. ones which modify or extend the system
> > in interesting ways.
> >
> > Frantisek
>
> I do not want that either.
> I am not saying we should run dpkg in a chrooted environment.
> I am only saying we should run it with the -x (I think) option that
> points to something like /usr/local where the user can write. In this case
> there would be no need to gain root privileges unless the .deb is a
> system package (and the system could ask for a password, a la Mac OS X).
>
> As it is now, and as I understand it, every .deb can brick my device if
> it has been built by a malicious user.

A couple of asides: writing to /usr/local requires root privileges on Debian systems.

As for the brick part: if I'm malicious I can brick it either way just by doing, oh ...

#!/bin/sh
touch /usr/local/bin/file
yes > /usr/local/bin/file

That alone would eventually fill up the single partition and whack the box...

James

> --
> anidel
> _______________________________________________
> maemo-users mailing list
> maemo-users at maemo.org
> https://maemo.org/mailman/listinfo/maemo-users
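The thread asks whether dpkg could unpack user packages under /usr/local without root. As an added example (not from the thread or the maemo project), the Python below opens a .deb in memory, checks that every data.tar path stays under an assumed allowed prefix of /usr/local (rejecting ".." components, which a prefix check alone would miss) and flags maintainer scripts, which run as the installing user no matter where the files land. The in-memory package builder and the two sample packages are constructed here; the "helloworld" file names follow the thread's example.

```python
import io, tarfile
ALLOWED_PREFIX = "usr/local/"                  # assumed policy: user packages stay under /usr/local
MAINTAINER_SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}

def ar_members(blob):                          # minimal reader for the 'ar' container of a .deb
    assert blob[:8] == b"!<arch>\n", "not an ar archive"
    pos, members = 8, {}
    while pos + 60 <= len(blob):               # 60-byte header: name(16) ... size(10) magic(2)
        hdr = blob[pos:pos + 60]
        name, size = hdr[:16].decode().rstrip(" /"), int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2            # members are padded to an even length
    return members

def tar_paths(data):                           # member names as dpkg would install them
    with tarfile.open(fileobj=io.BytesIO(data)) as tf:
        return [m.name[2:] if m.name.startswith("./") else m.name.lstrip("/") for m in tf.getmembers()]

def audit_deb(blob):                           # reasons the .deb is unsafe to unpack as an unprivileged user
    members = ar_members(blob)
    control, data = (next(d for n, d in members.items() if n.startswith(p)) for p in ("control.tar", "data.tar"))
    findings = [f"maintainer script {n} runs arbitrary code at install time"
                for n in tar_paths(control) if n in MAINTAINER_SCRIPTS]
    for path in tar_paths(data):
        if ".." in path.split("/"):            # a prefix check alone would accept usr/local/../etc/x
            findings.append(f"path traversal: {path}")
        elif path and not (path.startswith(ALLOWED_PREFIX) or ALLOWED_PREFIX.startswith(path + "/")):
            findings.append(f"writes outside /{ALLOWED_PREFIX}: /{path}")
    return findings

def build_deb(files, scripts=None):            # constructed in-memory sample, not a real package
    def tar_bytes(entries):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w:gz") as tf:
            for name, content in entries.items():
                info = tarfile.TarInfo("./" + name)
                info.size = len(content)
                tf.addfile(info, io.BytesIO(content))
        return buf.getvalue()
    control = {"control": b"Package: helloworld\nVersion: 1.0\nArchitecture: all\n", **(scripts or {})}
    out = b"!<arch>\n"
    for name, data in (("debian-binary", b"2.0\n"), ("control.tar.gz", tar_bytes(control)),
                       ("data.tar.gz", tar_bytes(files))):
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + (b"\n" if len(data) % 2 else b"")
    return out

# Constructed samples: one keeps to /usr/local; the other also drops a file in /etc and ships a postinst.
GOOD = build_deb({"usr/local/bin/helloworld": b"#!/bin/sh\necho hi\n", "usr/local/etc/helloworld.conf": b"greeting=hi\n"})
BAD = build_deb({"usr/local/bin/helloworld": b"#!/bin/sh\necho hi\n", "etc/helloworld.conf": b"x=1\n"}, {"postinst": b"#!/bin/sh\necho configured\n"})
```

Note that the audit says nothing about what an in-prefix package does once its files run (James's disk-fill point), so a quota on /usr/local is still needed alongside it.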