:: Re: [DNG] Security problem
Page principale
Supprimer ce message
Répondre à ce message
Auteur: tom
Date:  
À: dng
Sujet: Re: [DNG] Security problem
On Mon, 30 Sep 2019 19:46:28 +0200
Gonzalo Pérez de Olaguer Córdoba <salo@???> wrote:

> Hi, Jochen.
>
> El Mon, 30 Sep 2019 19:29:34 +0200
> "J. Fahrner via Dng" <dng@???> escribió:
>
> > I just came across a security problem. The application
> > signal-desktop could not be started anymore because a file from the
> > electron framework did not set a setuid bit
> > (https://github.com/signalapp/Signal-Desktop/issues/3536).
> > For the sandbox feature this obviously needs root privileges.
> > It creeps me out when an application from an untrusted source
> > installs programs with root privileges without me even noticing it.
> > How can I protect myself against this? Is there a way to check
> > Debian packages for a setuid bit set, e.g. in the post-install
> > script?
>
> See the manpage for dpkg-statoverride(1)
> and the file /val/lib/dpkg/statoverride
>
> Cheers.
>


Why in gods name does a centralized instant messenger require root
privileges on your machine?