2009/12/9 Johnathon Tinsley <[email protected]>:
> See here for more:
> http://www.omgubuntu.co.uk/2009/12/malware-found-in-screensaver-for-ubuntu.html
>
It's worth noting, for those that don't know, that when you install a package you are effectively giving the package creator (temporary) root access to your system. Packages are allowed to contain scripts that apt/dpkg run with root access (this is so they can install software in system directories like /usr, /etc). If the package creator was malicious, it would be easy to put any kind of command in there, including the infamous rm -rf / (or worse).

The same applies equally to software you compile yourself if you run "sudo make install".

Think twice about installing packages from outside the Ubuntu repositories. Linux is only as secure as its weakest point; don't let that point be you :)

Matthew

PS. On the other hand, I believe it is dpkg/Debian/Ubuntu's failure in that you can't (easily) install software in a sandbox... this isn't even that difficult to do for most software...

--
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.com/UKTeam/
