From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev-return-6554-arch-gentoo-dev=gentoo.org@gentoo.org>
Received: (qmail 23466 invoked by uid 1002); 9 Sep 2003 10:22:23 -0000
Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:gentoo-dev@gentoo.org>
List-Help: <mailto:gentoo-dev-help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev-unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-dev-subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@gentoo.org
Received: (qmail 732 invoked from network); 9 Sep 2003 10:22:23 -0000
From: Stuart Herbert <stuart@gentoo.org>
To: Alexander Gretencord <arutha@gmx.de>,
 Jan Krueger <jk@microgalaxy.net>
Date: Tue, 9 Sep 2003 11:19:48 +0100
User-Agent: KMail/1.5.3
Cc: gentoo-dev@gentoo.org
References: <pan.2003.09.06.18.05.15.543497@nonconformity.net> <200309080533.05121.jk@microgalaxy.net> <200309091142.56942.arutha@gmx.de>
In-Reply-To: <200309091142.56942.arutha@gmx.de>
MIME-Version: 1.0
Content-Type: multipart/signed;
  protocol="application/pgp-signature";
  micalg=pgp-sha1;
  boundary="Boundary-02=_HlaX/7TrhW47K2y";
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200309091119.51191.stuart@gentoo.org>
Subject: Re: [gentoo-dev] gentoo-project
X-Archives-Salt: c9fe3e19-3047-4660-84af-0012d5d530cc
X-Archives-Hash: b5c12de202fc05175ce3c4d3f233cd4e

--Boundary-02=_HlaX/7TrhW47K2y
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Content-Description: signed data
Content-Disposition: inline

On Tuesday 09 September 2003 10:42 am, Alexander Gretencord wrote:
> Making pkg_postinst sandboxed too would
> be cool, prevents some lame things from happening because someone was
> asleep when commiting an ebuild but thats it. It doesn't help against an
> attacker.

That would not be cool at all.  pkg_postinst is *the* one place in the ebui=
ld=20
where we can do things that need to be done on the live filesystem or the=20
machine at large.  Sandboxing this would not be helpful.

By the time the ebuild is being executed on your machine, it's already too=
=20
late.  If security is what you want, you need something that'll stop the co=
de=20
running in the first place.

Best regards,
Stu
=2D-=20
Stuart Herbert                                              stuart@gentoo.o=
rg
Gentoo Developer                                       http://www.gentoo.or=
g/
Beta packages for download            http://dev.gentoo.org/~stuart/package=
s/
Come and meet me in March 2004                 http://www.phparch.com/cruis=
e/

GnuGP key id# F9AFC57C available from http://pgp.mit.edu
Key fingerprint =3D 31FB 50D4 1F88 E227 F319  C549 0C2F 80BA F9AF C57C
=2D-

--Boundary-02=_HlaX/7TrhW47K2y
Content-Type: application/pgp-signature
Content-Description: signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQA/XalHDC+AuvmvxXwRApjiAJ9vztHl6342wpisdb/FFFjAAXYhWwCfSrt2
6q01nlUOZw88zvWgqAGOQDw=
=YIty
-----END PGP SIGNATURE-----

--Boundary-02=_HlaX/7TrhW47K2y--