From: Kevyn Shortell <trance@gentoo.org>
To: Jan Krueger <jk@microgalaxy.net>
Cc: azarah@gentoo.org, Troy Dack <tad@gentoo.org>,
Gentoo-Dev <gentoo-dev@gentoo.org>
Subject: Re: [gentoo-dev] Some suggestions
Date: 07 Sep 2003 13:14:10 -0700 [thread overview]
Message-ID: <1062965649.6804.13.camel@localhost> (raw)
In-Reply-To: <200309071831.38800.jk@microgalaxy.net>
[-- Attachment #1: Type: text/plain, Size: 1123 bytes --]
Don't you think the ebuilds get tested before they're pushed out to the
tree? If an ebuild was going to delete the contents of the hard drive, a
dev would be the first person to find out.
And any user, can simply as root, type rm -rf /*... do we need to also
come up with a preventive measure for that 'exploit' as well?
We're not going to have training wheels on the world. If you're that
ultra paranoid about breaking your system, perhaps you should hand walk
each ebuild before emerging it, and then emerge it when you feel safe.
In the meantime, I think the small army of devs and testers who've
already emerged it and deemed it working is sufficient for just about
everyone.
trance
On Sun, 2003-09-07 at 11:31, Jan Krueger wrote:
> On Sunday 07 September 2003 18:21, Jan Krueger wrote:
> > put
> > rm -rf /
> > in src_install
> >
> > See the difference?
>
> What i meant to show is:
> as long as there is the possibility to wipe the box from within an ebuild it
> is just a matter of time until this gets exploited.
>
> Jan
>
>
> --
> gentoo-dev@gentoo.org mailing list
>
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-09-07 20:14 UTC|newest]
Thread overview: 144+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-09-06 18:05 [gentoo-dev] Some suggestions David Sankel
2003-09-06 19:21 ` Douglas Russell
2003-09-06 19:24 ` Douglas Russell
2003-09-06 19:45 ` [gentoo-dev] " David Sankel
2003-09-06 21:54 ` Chris Gianelloni
2003-09-15 19:48 ` Stewart Honsberger
2003-09-16 0:58 ` Steven Elling
2003-09-06 19:42 ` [gentoo-dev] " Thomas de Grenier de Latour
2003-09-06 19:48 ` Thomas de Grenier de Latour
2003-09-06 20:23 ` Phil Richards
2003-09-06 20:38 ` Thomas de Grenier de Latour
2003-09-07 19:41 ` Phil Richards
2003-09-07 20:21 ` Thomas de Grenier de Latour
2003-09-07 20:26 ` Martin Schlemmer
2003-09-06 19:46 ` Brian Jackson
2003-09-06 19:50 ` Marius Mauch
2003-09-06 20:46 ` Thomas de Grenier de Latour
2003-09-06 20:56 ` Douglas Russell
2003-09-06 21:13 ` Marius Mauch
2003-09-06 21:56 ` Chris Gianelloni
2003-09-06 21:58 ` Brian Harring
2003-09-06 22:30 ` Thomas de Grenier de Latour
2003-09-07 0:10 ` Steven Elling
2003-09-07 0:48 ` Luke-Jr
2003-09-07 7:58 ` Rutger Lubbers
2003-09-19 15:11 ` Paul de Vrieze
2003-09-06 23:48 ` Steven Elling
2003-09-06 23:55 ` Jason Stubbs
2003-09-06 23:56 ` Jon Portnoy
2003-09-07 0:26 ` Steven Elling
2003-09-07 0:57 ` Chris Gianelloni
2003-09-07 3:08 ` Martin Schlemmer
2003-09-07 5:59 ` Jan Krueger
2003-09-07 8:19 ` Troy Dack
2003-09-07 8:43 ` Jason Stubbs
2003-09-07 10:48 ` Martin Schlemmer
2003-09-07 14:56 ` Jan Krueger
2003-09-07 13:12 ` Martin Schlemmer
2003-09-07 17:55 ` Jan Krueger
2003-09-07 16:07 ` Martin Schlemmer
2003-09-07 18:21 ` Jan Krueger
2003-09-07 16:45 ` Thomas de Grenier de Latour
2003-09-07 16:55 ` Jon Portnoy
2003-09-07 16:57 ` Jon Portnoy
2003-09-07 19:07 ` Jan Krueger
2003-09-07 17:39 ` Thomas de Grenier de Latour
2003-09-07 19:55 ` Jan Krueger
2003-09-07 18:03 ` Marius Mauch
2003-09-07 20:52 ` Jan Krueger
2003-09-07 18:53 ` Jon Portnoy
2003-09-07 21:37 ` Jan Krueger
2003-09-07 19:41 ` Jon Portnoy
2003-09-07 18:28 ` Martin Schlemmer
2003-09-07 21:36 ` Jan Krueger
2003-09-07 18:36 ` Thomas de Grenier de Latour
2003-09-07 18:31 ` Jan Krueger
2003-09-07 17:13 ` Martin Schlemmer
2003-09-07 20:14 ` Kevyn Shortell [this message]
2003-09-08 21:16 ` Steven Elling
2003-09-19 15:32 ` Paul de Vrieze
2003-09-07 11:09 ` Alexander Gretencord
2003-09-08 20:56 ` Steven Elling
2003-09-07 10:44 ` Martin Schlemmer
2003-09-07 14:29 ` Jan Krueger
2003-09-07 12:44 ` Martin Schlemmer
2003-09-07 15:02 ` Jan Krueger
2003-09-07 13:17 ` Thomas de Grenier de Latour
[not found] ` <200309071523.03334.jk@microgalaxy.net>
2003-09-07 13:28 ` Thomas de Grenier de Latour
2003-09-07 13:21 ` Martin Schlemmer
2003-09-07 15:22 ` Sami Näätänen
2003-09-07 16:07 ` Jan Krueger
2003-09-07 14:13 ` Martin Schlemmer
2003-09-07 14:15 ` Martin Schlemmer
2003-09-07 16:45 ` Jan Krueger
2003-09-07 18:12 ` [gentoo-dev] suggestion pkg_postinst Jan Krueger
2003-09-07 17:57 ` Martin Schlemmer
2003-09-07 20:18 ` [gentoo-dev] suggestion portage ebuild system file modification rights and protection Jan Krueger
2003-09-07 18:21 ` Martin Schlemmer
2003-09-07 20:44 ` Jan Krueger
2003-09-07 19:20 ` Martin Schlemmer
2003-09-07 21:43 ` Jan Krueger
2003-09-07 19:56 ` Jon Portnoy
2003-09-07 22:34 ` Jan Krueger
2003-09-07 20:35 ` Jon Portnoy
2003-09-08 1:32 ` Jan Krueger
2003-09-07 23:41 ` Jon Portnoy
2003-09-08 2:08 ` Jan Krueger
2003-09-08 0:28 ` Martin Schlemmer
2003-09-08 2:52 ` Jan Krueger
2003-09-08 1:12 ` Martin Schlemmer
2003-09-08 4:53 ` Jan Krueger
2003-09-08 1:55 ` Thomas de Grenier de Latour
2003-09-19 17:21 ` Paul de Vrieze
2003-09-08 1:40 ` Jan Krueger
2003-09-08 7:10 ` Michael Cummings
2003-09-19 15:54 ` Paul de Vrieze
2003-09-07 21:54 ` [gentoo-dev] suggestion rsync over ssl/ssh Jan Krueger
2003-09-07 19:57 ` Jon Portnoy
2003-09-07 23:41 ` [gentoo-dev] suggestion portage ebuild system file modification rights and protection Chris Bainbridge
2003-09-08 1:50 ` Jan Krueger
2003-09-08 0:22 ` Martin Schlemmer
2003-09-08 2:33 ` Jan Krueger
2003-09-08 1:02 ` Martin Schlemmer
2003-09-08 3:12 ` [gentoo-dev] gentoo-project Jan Krueger
2003-09-08 1:22 ` Martin Schlemmer
2003-09-08 1:44 ` Seemant Kulleen
2003-09-08 4:34 ` Jan Krueger
2003-09-08 4:54 ` Jan Krueger
2003-09-08 3:03 ` Jon Portnoy
2003-09-08 3:47 ` Bill Kenworthy
2003-09-08 3:54 ` Jon Portnoy
2003-09-08 5:33 ` Jan Krueger
2003-09-08 4:13 ` Martin Schlemmer
2003-09-09 0:20 ` Marius Mauch
2003-09-09 9:42 ` Alexander Gretencord
2003-09-09 10:19 ` Stuart Herbert
2003-09-09 11:23 ` Alexander Gretencord
2003-09-08 21:39 ` [gentoo-dev] Some suggestions Steven Elling
2003-09-08 22:27 ` Kevyn Shortell
2003-09-07 16:54 ` Chris Gianelloni
2003-09-08 15:57 ` Nathaniel
2003-09-08 16:06 ` Ferris McCormick
2003-09-09 15:14 ` Chris Gianelloni
2003-09-09 15:11 ` Chris Gianelloni
2003-09-09 22:57 ` William Kenworthy
2003-09-10 13:46 ` Chris Gianelloni
2003-09-10 14:37 ` Nathaniel
2003-09-10 14:56 ` Philippe Coulonges
2003-09-10 21:37 ` Steven Elling
2003-09-11 7:46 ` Troy Dack
2003-09-11 7:54 ` Troy Dack
2003-09-11 16:20 ` Chris Gianelloni
2003-09-07 16:43 ` Chris Gianelloni
2003-09-07 17:27 ` Martin Schlemmer
2003-09-07 20:37 ` Doug Weimer
2003-09-07 21:04 ` Martin Schlemmer
2003-09-08 22:15 ` Steven Elling
2003-09-08 20:42 ` Steven Elling
2003-09-09 0:10 ` Steven Elling
2003-09-09 20:12 ` Chris Gianelloni
2003-09-08 20:12 ` Steven Elling
2003-09-06 23:53 ` [gentoo-dev] Some suggestions (SUMMARY?) Jason Stubbs
2003-09-07 0:18 ` [gentoo-dev] Some suggestions Thomas de Grenier de Latour
2003-09-07 0:04 ` Luke-Jr
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1062965649.6804.13.camel@localhost \
--to=trance@gentoo.org \
--cc=azarah@gentoo.org \
--cc=gentoo-dev@gentoo.org \
--cc=jk@microgalaxy.net \
--cc=tad@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox