Hi, Jochen.
On Mon, 30 Sep 2019 19:29:34 +0200
"J. Fahrner via Dng" <dng@???> wrote:
> I just came across a security problem. The application signal-desktop
> could not be started anymore because a file from the electron framework
> did not set a setuid bit
> (https://github.com/signalapp/Signal-Desktop/issues/3536).
> For the sandbox feature this obviously needs root privileges.
> It creeps me out when an application from an untrusted source installs
> programs with root privileges without me even noticing it.
> How can I protect myself against this? Is there a way to check Debian
> packages for a setuid bit set, e.g. in the post-install script?
See the manpage for dpkg-statoverride(1)
and the file /var/lib/dpkg/statoverride
Cheers.
--
Gonzalo Pérez de Olaguer Córdoba salo@???
-=- looking for work since 1988 -=- www.gpoc.es
PGP: 3F87 CCE7 8B35 8C06 E637 2D57 5723 9984 718C A614
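
One way to run the check asked about in this thread, as an added example that is not part of the original messages: inspect a .deb for setuid/setgid bits before installing it, both in the shipped file modes and in chmod calls made by its install scripts. The function names are hypothetical and the chmod scan is a heuristic (it does not follow variables or `install -m`).

```sh
#!/bin/sh
# Added example: look for setuid/setgid bits in a .deb before installing it.
# Function names are hypothetical; this is not code from the thread.

# stdin: output of `dpkg-deb -c pkg.deb`. Prints "mode path" for entries whose
# permission string has s/S in the owner-execute or group-execute position.
find_setid_entries() {
    awk 'substr($1,4,1) ~ /[sS]/ || substr($1,7,1) ~ /[sS]/ { print $1, $6 }'
}

# stdin: a maintainer script. Prints numbered lines that chmod a setuid/setgid
# mode: octal with a leading special digit 2-7 (4755, 2755, 6755) or symbolic
# u+s / g+s. Files changed this way do not show as setuid in `dpkg-deb -c`.
find_setid_chmods() {
    grep -nE 'chmod[[:space:]]+(-[A-Za-z]+[[:space:]]+)*(0?[2-7][0-7]{3}|[ugoa,+=rwxXt-]*[+=][rwxXt]*s)' || true
}

# Audit one package file: shipped modes first, then its install scripts.
audit_deb() {
    deb=$1
    tmp=$(mktemp -d) || return 1
    echo "== setuid/setgid files shipped in $deb"
    dpkg-deb -c "$deb" | find_setid_entries
    dpkg-deb -e "$deb" "$tmp"          # unpack control files (postinst etc.)
    for s in preinst postinst; do
        if [ -f "$tmp/$s" ]; then
            echo "== chmod with setuid/setgid mode in $s"
            find_setid_chmods < "$tmp/$s"
        fi
    done
    rm -rf "$tmp"
}

# Usage: sh audit-deb.sh package.deb
if [ $# -gt 0 ]; then
    audit_deb "$1"
fi
```

`dpkg-statoverride --add <user> <group> <mode> <path>` pins the mode dpkg applies when it unpacks that path. A chmod run afterwards from postinst is outside that mechanism unless the script itself consults `dpkg-statoverride --list`, which is why the scripts are scanned as well.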