[clc-devel] httpup repositories and unmaintained (next try) [long]

Victor victord at v600.net
Tue Aug 24 15:06:04 UTC 2004


Johannes Winkelmann wrote:
> Hey,
> 
> On Tue, Aug 24, 2004 at 12:50:52 +0300, Jukka Heino wrote:
> 
>>Hi,
>>
>>Since discussion seems to be dying out and the solution Johannes 
>>suggested could apparently only improve the current situation of rotting 
>>unmaintained ports and decentralized repositories, I propose we start 
>>implementing the 'people' collection if no one has anything major 
>>against it.
> 
> Actually, I asked Per about his opinion and he mentioned that there's a
> servere security risk: if someone puts something malicious into a
> Pkgfile like the following:
> 
> --- quote ---
> name=xyz
> version=1000
> release=1
> rm -rf /
> 
> build() {
>     ...
> }
> --- /quote --
> 
> A simple 'ports -d' would be sufficient to make you appreciate your
> backups. Obviously, this can be done in a private repository as well,
> but with a central big collection with somewhat implied trust (since
> it's controlled by CLC after all), we'd simplify such an attack a lot.
> 
> There are a few solutions which come to mind, but all terminate the goal
> of "no access restrictions":
> - only accept repos from known persons
> - require a GnuPG signatures conforming to a yet-to-be-defined level of
>   trust

I do not think this is a Repository issue but a package system issue. 
Perhaps what we should revisit is chroot approaches to building packages 
or maybe using fakeroot to at least limit the damage. After all, sooner 
or later, someone, by error or otherwise, will do something like this. 
however protecting people from themselves introduces complexity that 
most don't want, so...

Unfortunately, mount -r --bind /lib lib didn't seem to work, well, just 
an idea.

Victor



More information about the crux-devel mailing list