----- Original Message ----- From: "Dean" <[EMAIL PROTECTED]> To: "Karsten M. Self" <[email protected]> Sent: Wednesday, April 25, 2001 9:37 PM Subject: Re: How to download a package?
> >> I have also wondered on downloading as root, does this > >> leave us open security wise? Dean > > >Note recent discussion on trimming quotations in responses and using > >postfix response. > > My apologizes for improper e-etiquette. For me, it's easier to read > only the reply and then scroll if I need to be refreshed, but I can see > where it might be confusing. > > >Not significantly. However, minimizing activities run as root tends to > >reduce your security exposure. If you do download live payload and > >accidentally run it as root, you're in more danger than if you run it as > >an unprivileged user. Running "advanced" file transfer utilities -- > >browsers, GUI FTP utilities, etc., may leave you open to automated > >content handling, most of which confers a low benefit for the potential > >risks involved. > > >root user is a powerful tool. It's best used only when needed. > > Agreed, however in order to run apt-get one needs to be root user, > so my question was in regards to vulnerability during the retrieval of > deb's during an apt-get install or upgrade or whatever. Specifically > if while downloading, can we be probed and perhaps be open to > hostile programs while we are apt-getting as root? Dean > > > >Cheers. > > >-- > >Karsten M. Self <[email protected]> http://kmself.home.netcom.com/ > >What part of "Gestalt" don't you understand? There is no K5 cabal > >http://gestalt-system.sourceforge.net/ http://www.kuro5hin.org > > >----- Original Message ----- > >From: "Karsten M. Self" <[email protected]> > >To: <[email protected]> > >Sent: Wednesday, April 25, 2001 5:10 PM > >Subject: Re: How to download a package? > > >
