| |||||||||||||
|
| |||||||||||||
Follow up: How to write a Linux virusFollow up: How to write a Linux virusPosted Feb 13, 2009 10:16 UTC (Fri) by forthy (guest, #1525)In reply to: Follow up: How to write a Linux virus by roblucid Parent article: Follow up: How to write a Linux virus
There's also ppl installing software packages via a double-click on Desktop. Of course. But then they know that they are going to install software by doing so, and they should be prompted by the distribution's system tool to install software. You can one-click install on OpenSuSE, and I think it's save enough. It will pop up an "install software" program, which displays what kind of software it wants to install, and even insist on importing a GPG key. I'm not that happy with this GPG key import stuff - they should have installed a signing chain so that you can trust GPG keys that have been signed by some OpenSuSE master keys, because otherwise, you can only blindly import it.
(Log in to post comments)
Follow up: How to write a Linux virus Posted Feb 13, 2009 13:03 UTC (Fri) by roblucid (subscriber, #48964) [Link]
I agree with you, and it's made clear what will happen. The lack of any useful way to decide on trust for that key, is a weakness in the one-click install.
So now, we have double-click installing programs into the system, and it's OK, because the stuff is signed, and warnings like entering a password to be root, and a general bside covering warning about trusting repositories is given.
OTOH, we have DE which seem willing to run arbitary code, without any precuations.
|
|
||||||||||||