Re: pkg and root privileges
- Reply: niko.nastonen_a_icloud.com: "Re: pkg and root privileges"
- In reply to: niko.nastonen_a_icloud.com: "Re: pkg and root privileges"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 28 Jul 2022 15:44:08 UTC
On Thu, Jul 28, 2022 at 06:30:37PM +0300, niko.nastonen@icloud.com wrote: > The thread on the forum was closed and deleted by moderators due to unsportsmanlike conduct of some very worried about security :-) > > pkg indeed needs some review in terms of usage of superuser privileges, in my opinion. Not only fetch, but other parts too, fetch just being probably the most fragile in that sense. > > Thanks for your attention. I am open to any audit, and of course like for any audit there will be bugs found. as for usage of superuser privileges, we use capsicum sandbox in most sensitive cases, like signature verification for example. so while we are clearly not bullet proof, I don't think the situation is dramatic at all. Best regards, Bapt