Attention: Proprietary video driver users (ATI, Nvidia, etc.)
Jeff Spaleta
jspaleta at gmail.com
Fri Feb 24 15:36:43 UTC 2006
On 2/24/06, Ivan Gyurdiev <ivg2 at cornell.edu> wrote:
> The goal here is not to prevent Nvidia-supplied rpms to run on Linux.
> The goal is to prevent shell-based installers from modifying files that
> are "controlled" by the rpm database.
> Nvidia rpms would not create a problem on Fedora, since any conflicts
> with other rpms would be exposed by the package manager.
Correction.. non-crackrock rpms would not create a problem. You can
do an amazing amount of damage via postinstall scripts inside
packages. It wouldn't be all that difficult to create an nvidia rpm
that dropped the nvidia installer on the system and then ran the
installer via postinstall script. In fact I'm pretty sure I've seen
that sort of beast in the wild at some point. If your security is so
tight that postinstall actions during rpm packages would generally
fail when tampering with other package's files.. then you break lots
of postinstall actions.
-jef
More information about the fedora-devel-list
mailing list