:: Re: [DNG] Security problem
Top Page
Delete this message
Reply to this message
Author: Gonzalo Pérez de Olaguer Córdoba
Date:  
To: dng
Subject: Re: [DNG] Security problem
Hi, Jochen.

El Mon, 30 Sep 2019 19:29:34 +0200
"J. Fahrner via Dng" <dng@???> escribió:

> I just came across a security problem. The application signal-desktop
> could not be started anymore because a file from the electron framework
> did not set a setuid bit
> (https://github.com/signalapp/Signal-Desktop/issues/3536).
> For the sandbox feature this obviously needs root privileges.
> It creeps me out when an application from an untrusted source installs
> programs with root privileges without me even noticing it.
> How can I protect myself against this? Is there a way to check Debian
> packages for a setuid bit set, e.g. in the post-install script?


See the manpage for dpkg-statoverride(1)
and the file /val/lib/dpkg/statoverride

Cheers.

-- 
   Gonzalo Pérez de Olaguer Córdoba       salo@???
  -=- buscando empleo desde 1988 -=-       www.gpoc.es 


PGP: 3F87 CCE7 8B35 8C06 E637 2D57 5723 9984 718C A614