rpms/tetex-font-cm-lgc/devel tetex-font-cm-lgc.spec,1.7,1.8

Ralf Corsepius rc040203 at freenet.de
Wed Nov 2 16:07:12 UTC 2005


On Wed, 2005-11-02 at 09:39 -0600, Rex Dieter wrote:
> Ralf Corsepius wrote:
> 
> > You are running programs in %post and %postun scriptlets. Just stick a
> > broken or malicious program somewhere into path, and you are breaking
> > the user's system.
> 
> By that definition, isn't the user's system *already* broken (even 
> before the %post/%postun)?
Of course yes, but should this prevent us from preventing further harm?

Anyway, the classic situation this hits is users having corrupted their
"root" shell's environment by tweaking their non-interactive shell's
environment, or simply having accidentally installed/copied a program
into /sbin where a %pre*/%post*/trigg* scriptlet was supposed to pick up
one from /usr/sbin or /usr/bin.

Ralf
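
An added illustration of the situation described in the message above (not part of the original post or of the spec file under discussion): a bare program name in a scriptlet runs whichever copy comes first on PATH, while an absolute path does not depend on PATH. The name `sometool`, the temporary directory tree standing in for /sbin and /usr/sbin, and the search order are constructed assumptions.

```shell
#!/bin/sh
# Added example. "sometool" and the temporary directory tree are constructed
# stand-ins for a helper a scriptlet calls and for /sbin and /usr/sbin.

# List every executable called $1 in the colon-separated search list $2,
# in lookup order. The first line is what a bare-name call would run.
path_candidates() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.    # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
    IFS=$old_ifs
}

# 0: bare name $1 resolves to the expected file $3 under search list $2;
# 1: another copy earlier in the list shadows it; 2: not found at all.
check_shadow() {
    first=$(path_candidates "$1" "$2" | head -n 1)
    [ -n "$first" ] || return 2
    [ "$first" = "$3" ]
}

demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/sbin" "$root/usr/sbin"
    printf '#!/bin/sh\necho packaged\n' > "$root/usr/sbin/sometool"
    printf '#!/bin/sh\necho stray\n' > "$root/sbin/sometool"
    chmod +x "$root/sbin/sometool" "$root/usr/sbin/sometool"
    search="$root/sbin:$root/usr/sbin"     # assumed order: sbin before usr/sbin
    bare=$(PATH=$search; sometool)          # bare name: first match on PATH runs
    abs=$("$root/usr/sbin/sometool")        # absolute path: PATH is not consulted
    status=0
    check_shadow sometool "$search" "$root/usr/sbin/sometool" || status=$?
    rm -rf "$root"
    printf '%s %s %s\n' "$bare" "$abs" "$status"
}

demo
```

The same `check_shadow` test can be run against the real PATH of the root environment to see whether a helper named in a scriptlet resolves to the packaged copy.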







More information about the fedora-extras-list mailing list