Hi again,
I couldn't resist and have read some messages, and I believe some people
are missing the point.
It's really easy:
There are many kinds of funny security things in a Linux/Unix
environment to protect the user from software failures (like typos rm ./
-> rm /) or attackers. People normally don't use the root account, are
building chroots for specific programs, some programs are getting
special rights or user accounts, or even stuff like selinux and grsecurity.
Portage/emerge also does some things, there are the digests which
ensure that the software fetched is not changed (again either by error
or an attacker) and there is the sandbox to ensure the
installation-scripts from the packages don't delete or overwrite files
they shouldn't (again either by error or an attacker).
But then there are the ebuilds and the eclasses. These are scripts often
changed and fetched unchecked from the internet.
And those are normally run as root.
And this normally happens on a daily or weekly basis.
So you have on the one side carefully crafted environments to protect
the system/user from software-failures or attackers, but on the other
side there is portage which is run regularly and is fetching scripts from
the internet which are run unchecked by root.
I think this explains why I don't understand that nobody cares about that.
Kind regards,
Alexander Holler
--
gentoo-security@gentoo.org mailing list
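The gap the post describes can be made concrete with a small checker. The following is an added example, not code from the post or from Portage itself: it reads a simplified Manifest-style digest list (constructed here, modelled on lines of the form `TYPE filename size SHA512 hex`), verifies every file in a package directory against it, and reports three things a defender wants to know: which files match, which have been altered since the digest was recorded, and which files have no digest entry at all. In the constructed tree only the source tarball is listed, so the ebuild, the script that would run as root, shows up as unlisted. All filenames and contents are constructed for the demo; `verify_tree`, `parse_manifest` and `demo` are names assumed for this example.

```python
import hashlib
import tempfile
from pathlib import Path


def digest(path: Path) -> str:
    """SHA-512 hex digest of a file, read in chunks."""
    h = hashlib.sha512()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_manifest(text: str) -> dict:
    """Parse constructed Manifest-style lines: TYPE filename size HASHNAME hex [HASHNAME hex ...]."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or malformed line: ignore
        etype, name, size = fields[0], fields[1], int(fields[2])
        hashes = dict(zip(fields[3::2], fields[4::2]))
        entries[name] = {"type": etype, "size": size, "hashes": hashes}
    return entries


def verify_tree(tree: Path, manifest_text: str) -> dict:
    """Check every file in `tree` (except the Manifest itself) against the digest list.

    Returns {'ok': [...], 'mismatch': [...], 'unlisted': [...]} with sorted filenames.
    'unlisted' is the interesting set: files that would be used with no integrity check.
    """
    entries = parse_manifest(manifest_text)
    result = {"ok": [], "mismatch": [], "unlisted": []}
    for path in sorted(tree.iterdir()):
        if path.name == "Manifest" or not path.is_file():
            continue
        entry = entries.get(path.name)
        if entry is None:
            result["unlisted"].append(path.name)
            continue
        size_ok = path.stat().st_size == entry["size"]
        hash_ok = digest(path) == entry["hashes"].get("SHA512")
        (result["ok"] if size_ok and hash_ok else result["mismatch"]).append(path.name)
    return result


def demo() -> dict:
    """Build a constructed package directory, verify it, then tamper with the tarball and verify again."""
    with tempfile.TemporaryDirectory() as d:
        tree = Path(d)
        tarball = tree / "foo-1.0.tar.gz"          # constructed distfile
        tarball.write_bytes(b"constructed tarball contents")
        ebuild = tree / "foo-1.0.ebuild"           # constructed install script, no digest entry
        ebuild.write_text("# constructed ebuild\nsrc_install() { :; }\n")

        # The digest list covers the tarball only, mirroring the post's point
        # that fetched sources are checked while the scripts are not.
        manifest = f"DIST foo-1.0.tar.gz {tarball.stat().st_size} SHA512 {digest(tarball)}\n"
        before = verify_tree(tree, manifest)

        # Simulate the tarball being altered after the digest was recorded.
        tarball.write_bytes(b"constructed tarball contents, altered")
        after = verify_tree(tree, manifest)
    return {"before": before, "after": after}


if __name__ == "__main__":
    for phase, res in demo().items():
        print(phase, res)
```

Run it and the "before" phase reports the tarball as ok and the ebuild as unlisted; the "after" phase reports the tarball as a mismatch. The unlisted list is what this check adds beyond a plain digest comparison: anything in it is consumed without any integrity guarantee, which is exactly the class of file the post is worried about.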