From: Paul de Vrieze
To: gentoo-dev@gentoo.org
Date: Fri, 19 Sep 2003 19:21:15 +0200
Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection
Message-Id: <200309191921.22977.pauldv@gentoo.org>
In-Reply-To: <200309080208.51371.jk@microgalaxy.net>
References: <20030907234111.GA9582@cerberus.oppresses.us> <200309080208.51371.jk@microgalaxy.net>

On Monday 08 September 2003 04:08, Jan Krueger wrote:
>
> That's true for many open-source projects. Some of them just try to get
> organized more efficiently and succeed in doing so.
> So, maybe there is a more appropriate organization model for gentoo?

As one of the people responsible for the gentoo organisation I can say that we
are working on reorganizing gentoo. But gentoo as an organisation with over
150 developers and even more contributors is not exactly like a speedboat
that can make sharp turns. It is more like an ocean liner that needs a long
time to make a turn. Changes will be coming, and we try to implement them as
fast as possible, but we are talking about changing mindsets and operation of
people. Such things take time, lots of time. Further, most people involved
with gentoo are doing this voluntarily. We cannot put all our available time
into gentoo. We have jobs and other responsibilities too.

>
> I say:
> portage must respect my system integrity!

There is no 100% safe way for system integrity. The sandbox certainly is not a
perfect solution. One could use statically compiled binaries to circumvent it,
or mounts, or whatever. If a package wants to do evil, portage cannot stop it
at all. Nor does it aim to, or should it aim to. For those systems that have
that many security concerns one must use quarantining and things like
selinux or the like together with something like tripwire. Those technologies
are much better suited to the job than portage, which would become
unmaintainable if it would need to include many tricks and workarounds for
specific hacks (as there is no universal way to block attacks).

> > So we should never be able to tweak config files et al in an ebuild?
>
> an ebuild may freely modify its own config files.
> modification of config files not belonging to the ebuild should be done via
> an already suggested, secure abstraction, let's say a function like:
> changeconf php.ini "line to add to php.ini"
> portage could then intercept, respecting the suggested CONFIG_EXCLUDE or
> other user settings, or, if no user setting is in the way, go to apply the
> change. This way it would be impossible for the ebuild to wipe php.ini.
> Also the user, via CONFIG_EXCLUDE, may completely switch off editing of
> php.ini by ebuilds. On the other hand, if the user doesn't care, the ebuild
> is free to add this line to php.ini.
>

What about those cases where not updating a configuration file (esp. one that is
not supposed to be edited by humans at all) would result in a bug, or even
worse a security issue? Yes, I believe that that could happen.

Paul

-- 
Paul de Vrieze
Gentoo Developer
Mail: pauldv@gentoo.org
Homepage: http://www.devrieze.net
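To make the abstraction Jan proposes concrete, here is an added example, written for this page and not code from the thread, from Jan or from Portage, of what a `changeconf` helper could look like in shell, the language ebuilds are written in. The name `changeconf` and the `CONFIG_EXCLUDE` setting come from Jan's message above; everything else is an assumption made for the example: that `CONFIG_EXCLUDE` is a space-separated list of files or directories the user has placed off limits, the return codes, the refusal to follow symlinks, and the idempotency check. The php.ini contents in the demo are constructed sample input, not a real system file.

```shell
#!/bin/sh
# Added example (not Portage code): a hypothetical changeconf helper that
# appends one line to a config file the calling ebuild does not own.
#
# Assumptions for this example (not from the thread):
#   CONFIG_EXCLUDE  space-separated files or directories the user forbids
#                   ebuilds to edit
#   return 0        line present (appended now or already there)
#   return 1        target refused (symlink or not a regular file)
#   return 2        target protected by CONFIG_EXCLUDE

changeconf() {
    local file line p
    file=$1
    line=$2

    # 1. The user's CONFIG_EXCLUDE wins over the ebuild: refuse an excluded
    #    file, or anything below an excluded directory.
    for p in ${CONFIG_EXCLUDE:-}; do
        case "$file" in
            "$p"|"$p"/*)
                echo "changeconf: $file is protected by CONFIG_EXCLUDE" >&2
                return 2 ;;
        esac
    done

    # 2. Only ever append to a regular, non-symlink file. Following a
    #    symlink planted in a writable directory would let the append land
    #    in a different file than the one the user excluded.
    if [ -L "$file" ] || { [ -e "$file" ] && [ ! -f "$file" ]; }; then
        echo "changeconf: $file is not a regular file, refusing" >&2
        return 1
    fi

    # 3. Idempotent: an ebuild merged several times must not stack
    #    duplicate lines.
    if [ -f "$file" ] && grep -qxF -- "$line" "$file"; then
        return 0
    fi

    # 4. Append only. There is no code path that truncates or rewrites the
    #    file, so the helper cannot "wipe php.ini"; it can only add to it.
    printf '%s\n' "$line" >> "$file"
}

# How many times does an exact line occur in a file? (helper for callers)
count_line() {
    grep -cxF -- "$2" "$1" || true
}

# Demo on a constructed php.ini in a throwaway directory.
demo=$(mktemp -d)
printf 'memory_limit = 128M\n' > "$demo/php.ini"
changeconf "$demo/php.ini" "extension=gd.so"
changeconf "$demo/php.ini" "extension=gd.so"      # second call is a no-op
( CONFIG_EXCLUDE="$demo/php.ini"; changeconf "$demo/php.ini" "display_errors=On" ) || :
cat "$demo/php.ini"                                # two lines, no duplicate
rm -rf "$demo"
```

Note what the helper does and does not buy you. It keeps a well-behaved ebuild from truncating a file it does not own and lets the user veto edits per file, but an ebuild that writes straight to /etc/php.ini from its build script never passes through it. That is the limit Paul describes above: a convention inside portage cannot enforce anything against a package that wants to do evil, so enforcement has to come from outside it (a mandatory access control system such as SELinux), with tripwire-style integrity checking to detect whatever still got through.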