From: Martin Schlemmer
Reply-To: azarah@gentoo.org
To: Jan Krueger
Cc: Gentoo-Dev, Thomas de Grenier de Latour
Date: Sun, 07 Sep 2003 20:21:01 +0200
Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection

On Sun, 2003-09-07 at 22:18, Jan Krueger wrote:
> On Sunday 07 September 2003 17:57, Martin Schlemmer wrote:
> > and change '${D}/usr/sbin/foo' to '${D}/sbin/init'?
> > (ok, yes, it's not going to work as a script if I remember
> > correctly .. but a simple C wrapper is quick to code).
>
> Cool, you just found another security bug in portage!
>
> go on :)
>
> So, the required feature that's implied with your detection, would be the
> possibility to protect the already installed packages from modification
> through installation of another package.
>

And if this was baselayout that was compromised?

-- 
Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa