From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-6460-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 7399 invoked by uid 1002); 7 Sep 2003 18:13:28 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 4884 invoked from network); 7 Sep 2003 18:13:28 -0000
From: Jan Krueger <jk@microgalaxy.net>
Organization: microgalaxy.net
To: azarah@gentoo.org
Date: Sun, 7 Sep 2003 20:18:57 +0000
User-Agent: KMail/1.5.2
Cc: Gentoo-Dev <gentoo-dev@gentoo.org>,
 Thomas de Grenier de Latour <degrenier@easyconnect.fr>
References: <pan.2003.09.06.18.05.15.543497@nonconformity.net> <200309071812.47423.jk@microgalaxy.net> <1062957458.8455.142.camel@nosferatu.lan>
In-Reply-To: <1062957458.8455.142.camel@nosferatu.lan>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200309072018.57030.jk@microgalaxy.net>
Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection
X-Archives-Salt: ecc0249f-3212-4252-bd86-b7bc6d4fbd6b
X-Archives-Hash: 52d19cb6f5fbcee117aae8b28642dcb8

On Sunday 07 September 2003 17:57, Martin Schlemmer wrote:
> and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ?
> (ok, yes, its not going to work as a script if I remember
>  correctly .. but a simple c wrapper is quick to code).

Cool, you just found another security bug in portage!

go on :)

So, the required feature thats implied with your detection, would be the 
possibility to protect the already installed packages from modification 
through installation of another package.

Or said in different words:
if one emerges an ebuild this ebuild is allowed only to add files to the 
system that did not exist before and/or change only files that got installed 
by a previous revision of the same ebuild. This way it would be impossible 
for the ebuild to change existing files, like /sbin/init, in the system. Its 
forbidden.

Thank you for enlightening this.

Some days ago i stumbled over this:
try
emerge ezmlm
and
emerge ezmlm-idx
they happily overwrite each other. Preventing such mess inside portage would 
be of great value for security and overall quality.

Jan


--
gentoo-dev@gentoo.org mailing list