:: [DNG] Security problem
Inizio della pagina
Questo messaggio è parte di questo thread:
Mil thread completo ordinato per data
M 
MGonzalo Pérez de Olaguer Córdoba at ->
Delete this message
Reply to this message
Autore: J. Fahrner
Data:  
To: Liste, DNG
Oggetto: [DNG] Security problem
I just came across a security problem. The application signal-desktop
could not be started anymore because a file from the electron framework
did not set a setuid bit
(https://github.com/signalapp/Signal-Desktop/issues/3536).
For the sandbox feature this obviously needs root privileges.
It creeps me out when an application from an untrusted source installs
programs with root privileges without me even noticing it.
How can I protect myself against this? Is there a way to check Debian
packages for a setuid bit set, e.g. in the post-install script?

Jochen


Questo messaggio è stato inviato alle seguenti mailing lists:
dng
Informazioni sulla Mailing List | Messaggi correlati		<-Re: [DNG] I wrote IBMRe: [DNG] Security problem->

Donate to Dyne.org

dyne.org open discussions
amministrato da dyne.org hackers		Lurker (versione 2.3)