:: Re: [DNG] Security problem
Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MGonzalo Pérez de Olaguer Córdoba at <-
MJ. Fahrner at ->
Delete this message
Reply to this message
Author: tom
Date:  
To: dng
Subject: Re: [DNG] Security problem
On Mon, 30 Sep 2019 19:46:28 +0200
Gonzalo Pérez de Olaguer Córdoba <salo@???> wrote:

> Hi, Jochen.
>
> El Mon, 30 Sep 2019 19:29:34 +0200
> "J. Fahrner via Dng" <dng@???> escribió:
>
> > I just came across a security problem. The application
> > signal-desktop could not be started anymore because a file from the
> > electron framework did not set a setuid bit
> > (https://github.com/signalapp/Signal-Desktop/issues/3536).
> > For the sandbox feature this obviously needs root privileges.
> > It creeps me out when an application from an untrusted source
> > installs programs with root privileges without me even noticing it.
> > How can I protect myself against this? Is there a way to check
> > Debian packages for a setuid bit set, e.g. in the post-install
> > script?
>
> See the manpage for dpkg-statoverride(1)
> and the file /val/lib/dpkg/statoverride
>
> Cheers.
>

Why in gods name does a centralized instant messenger require root
privileges on your machine?
This message was posted to the following mailing lists:
dng
Mailing List Info | Nearby Messages		<-Re: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/sRe: [DNG] how to investigate constant outgoing ARP traffic - TX: ~7K/s->

Donate to Dyne.org

dyne.org open discussions
administrated by dyne.org hackers		Lurker (version 2.3)