From: Martin Schlemmer
Reply-To: azarah@gentoo.org
To: Jan Krueger
Cc: Gentoo-Dev, Thomas de Grenier de Latour
Date: Sun, 07 Sep 2003 21:20:28 +0200
Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection
Message-Id: <1062962428.8455.154.camel@nosferatu.lan>
In-Reply-To: <200309072044.15194.jk@microgalaxy.net>

On Sun, 2003-09-07 at 22:44, Jan Krueger wrote:
> On Sunday 07 September 2003 18:21, Martin Schlemmer wrote:
> > On Sun, 2003-09-07 at 22:18, Jan Krueger wrote:
> > > On Sunday 07 September 2003 17:57, Martin Schlemmer wrote:
> > > > and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ?
> > > > (ok, yes, it's not going to work as a script if I remember
> > > > correctly .. but a simple C wrapper is quick to code).
> > >
> > > Cool, you just found another security bug in portage!
> > >
> > > go on :)
> > >
> > > So, the required feature that's implied with your detection, would be the
> > > possibility to protect the already installed packages from modification
> > > through installation of another package.
> > >
> > And if this was baselayout that was compromised ?
>
> Then you either
> -should have audited the ebuild and code of baselayout
> -hope that the md5sum protection alarms you
> -hope that the signature protection alarms you (not yet implemented)
> -hope that the security-oriented program analysis alarms you (not yet
> implemented)
> -hope that the problem hit someone else before you so it got widely published
> and you read the news
> -hope that the automated test-procedures of gentoo detect the fault (not yet
> implemented)
> -invent a special baselayout protection
> -have a second authorized tree that was not compromised (because operationally
> independent of the one gentoo tree, with a special procedure that aims to
> prevent the move of compromised things between the trees) to compare against
> before emerge.
> -install some other OS (with maybe different problems)
> -go out for a walk and watch sparrows or so :)
> -forbid the emerge of baselayout because you think it's better to install
> baselayout in a special hardened way instead.
>

So how are any of these going to help if you do not trust us or
any other developers/upstream_authors, encryption, etc, etc.

I mean, this *IS* what this whole issue is about, no ?

-- 
Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa
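
The protection proposed in the thread (keep one package's install from modifying files that belong to another installed package) can be sketched as a pre-merge ownership check. This is an added example, not part of the original message and not Portage code; the package names, the ownership records and the helper names are constructed for illustration.

```python
import os
import tempfile


def staged_paths(image_root):
    """Yield the install path (e.g. /sbin/init) of every entry staged under image_root."""
    for dirpath, dirs, files in os.walk(image_root):
        # os.walk does not descend into symlinked directories, but such a link
        # would still replace whatever lives at that path, so report it too.
        links = [d for d in dirs if os.path.islink(os.path.join(dirpath, d))]
        for name in files + links:
            rel = os.path.relpath(os.path.join(dirpath, name), image_root)
            yield "/" + rel.replace(os.sep, "/")


def find_collisions(image_root, installing_pkg, owners):
    """Return {path: current_owner} for staged paths owned by another package."""
    return {
        path: owners[path]
        for path in sorted(staged_paths(image_root))
        if path in owners and owners[path] != installing_pkg
    }


def demo(installing_pkg, staged):
    """Stage empty files for a package and check them against constructed records."""
    # Constructed ownership records: path -> package that installed it.
    owners = {
        "/sbin/init": "sys-apps/example-base",
        "/usr/sbin/foo": "app-misc/foo",
    }
    with tempfile.TemporaryDirectory() as image:
        for rel in staged:
            target = os.path.join(image, rel)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            open(target, "w").close()
        return find_collisions(image, installing_pkg, owners)


if __name__ == "__main__":
    cases = [
        ("app-misc/foo", ["usr/sbin/foo", "sbin/init"]),  # touches a foreign file
        ("sys-apps/example-base", ["sbin/init"]),         # replaces its own file
    ]
    for pkg, staged in cases:
        hits = demo(pkg, staged)
        print(pkg, "-> refuse merge:" if hits else "-> no foreign files", hits)
```

The check compares ownership only: a replacement /sbin/init shipped by the package that already owns it passes, which is the compromised-baselayout case raised in the reply.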