• @gomp@lemmy.ml
    link
    fedilink
    2
    edit-2
    5 months ago

    Binary packages have scripts (IIRC for .deb they are preinst/postinst to be run before/after installation and prerm/postrm before/after removal) that are run as root.

    BTW the “unzip” part is also run as root, and a binary package can typically place stuff anywhere in your system (that’s their job after all)… even if you used literal zip files they could still install a script in ways that would cause the OS to execute it.

    • The Cuuuuube
      link
      fedilink
      English
      15 months ago

      Yeah I’m over simplifying on purpose here. The bottom line is piping into sh is dangerous