[clc-devel] httpup repositories and unmaintained (next try) [long]
Victor
victord at v600.net
Tue Aug 24 15:06:04 UTC 2004
Johannes Winkelmann wrote:
> Hey,
>
> On Tue, Aug 24, 2004 at 12:50:52 +0300, Jukka Heino wrote:
>
>>Hi,
>>
>>Since discussion seems to be dying out and the solution Johannes
>>suggested could apparently only improve the current situation of rotting
>>unmaintained ports and decentralized repositories, I propose we start
>>implementing the 'people' collection if no one has anything major
>>against it.
>
> Actually, I asked Per about his opinion and he mentioned that there's a
> servere security risk: if someone puts something malicious into a
> Pkgfile like the following:
>
> --- quote ---
> name=xyz
> version=1000
> release=1
> rm -rf /
>
> build() {
> ...
> }
> --- /quote --
>
> A simple 'ports -d' would be sufficient to make you appreciate your
> backups. Obviously, this can be done in a private repository as well,
> but with a central big collection with somewhat implied trust (since
> it's controlled by CLC after all), we'd simplify such an attack a lot.
>
> There are a few solutions which come to mind, but all terminate the goal
> of "no access restrictions":
> - only accept repos from known persons
> - require a GnuPG signatures conforming to a yet-to-be-defined level of
> trust
I do not think this is a Repository issue but a package system issue.
Perhaps what we should revisit is chroot approaches to building packages
or maybe using fakeroot to at least limit the damage. After all, sooner
or later, someone, by error or otherwise, will do something like this.
however protecting people from themselves introduces complexity that
most don't want, so...
Unfortunately, mount -r --bind /lib lib didn't seem to work, well, just
an idea.
Victor
More information about the crux-devel
mailing list