From: Mike Frysinger <vapier@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] how to handle sensitive files when generating binary packages
Date: Wed, 20 Jun 2007 16:07:07 -0400 [thread overview]
Message-ID: <200706201607.07713.vapier@gentoo.org> (raw)
In-Reply-To: <1182344680.7336.18.camel@TesterBox.tester.ca>
[-- Attachment #1: Type: text/plain, Size: 1632 bytes --]
On Wednesday 20 June 2007, Olivier Crête wrote:
> On Wed, 2007-20-06 at 00:47 -0400, Mike Frysinger wrote:
> > there are many files out there that contain critical information about
> > your system ...
> >
> > however, there are certainly cases where the admin fully knows what
> > they're doing and they want to create a binary package of their system
> > with these sensitive files ... so where to meet in the middle.
> >
> > any other potential ideas ? (pretend my idea here isnt the greatest
> > thing since Robot Chicken)
>
> I will claim that almost any file in /etc is potentially sensitive (even
> if it does not contain passwords, if may contain other informations
> interesting to a cracker). And even if we did what you propose, we'd run
> the risk of missing some and giving the user a false sense of security.
dont limit yourself to /etc, we're really talking CONFIG_PROTECT ... i wanted
to avoid that large envelop as there are plenty of files in there which would
never be of concern (mime.types?), but perhaps it's the only sane way to
go ... we say anything that is CONFIG_PROTECT-ed is (by nature) potentially
sensitive rather than expanding the ebuild API to have ebuild writers
explicitly mark things ...
> Maybe we should document somewhere that the only way to make bin pkg
> that are safe for public distribution is to do emerge -b or -B .. And
> that pkgs built with quickpkg may contain sensitive information.
seriously, come on, you dont really expect people to read such things ?
no reason to write off something critical like this when it can be addressed
-mike
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 827 bytes --]
next prev parent reply other threads:[~2007-06-20 20:11 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-20 4:47 [gentoo-dev] how to handle sensitive files when generating binary packages Mike Frysinger
2007-06-20 10:45 ` Andrew Gaffney
2007-06-20 10:49 ` Marius Mauch
2007-06-20 11:54 ` [gentoo-dev] VDB Changes (Was Re: how to handle sensitive files when generating binary packages) Steve Long
2007-06-20 19:57 ` [gentoo-dev] how to handle sensitive files when generating binary packages Mike Frysinger
2007-06-20 20:18 ` Petteri Räty
2007-06-20 20:27 ` Mike Frysinger
2007-06-20 20:35 ` Ciaran McCreesh
2007-06-20 20:48 ` Olivier Crête
2007-06-20 20:55 ` Ciaran McCreesh
2007-06-20 20:54 ` Mike Frysinger
2007-06-20 21:01 ` Ciaran McCreesh
2007-06-20 21:19 ` Mike Frysinger
2007-06-20 21:22 ` Ciaran McCreesh
2007-06-20 21:38 ` Mike Frysinger
2007-06-20 21:48 ` Ciaran McCreesh
2007-06-20 21:59 ` Mike Frysinger
2007-06-20 22:02 ` Olivier Crête
2007-06-20 22:28 ` Mike Frysinger
2007-06-20 22:41 ` Olivier Crête
2007-06-20 22:50 ` Mike Frysinger
2007-06-20 23:11 ` Chris Gianelloni
2007-06-20 23:44 ` Mike Frysinger
2007-06-20 22:31 ` Chris Gianelloni
2007-06-20 22:35 ` Ciaran McCreesh
2007-06-20 22:49 ` Luca Barbato
2007-06-20 23:08 ` Chris Gianelloni
2007-06-20 23:12 ` Daniel Ostrow
2007-06-20 23:51 ` [gentoo-dev] " Steve Long
2007-06-20 23:18 ` [gentoo-dev] " Ciaran McCreesh
2007-06-21 7:57 ` Tobias Klausmann
2007-06-20 22:58 ` Jan Kundrát
2007-06-20 21:04 ` William L. Thomson Jr.
2007-06-20 21:11 ` Ned Ludd
2007-06-20 21:38 ` Mike Frysinger
2007-06-20 13:04 ` Olivier Crête
2007-06-20 13:15 ` Matthias Schwarzott
2007-06-20 15:43 ` [gentoo-dev] " Duncan
2007-06-20 16:44 ` [gentoo-dev] " Marius Mauch
2007-06-20 20:07 ` Mike Frysinger [this message]
2007-06-20 20:12 ` Ciaran McCreesh
2007-06-20 20:19 ` Andrew Gaffney
2007-06-20 20:25 ` Ciaran McCreesh
2007-06-20 20:53 ` Andrew Gaffney
2007-06-20 21:09 ` William L. Thomson Jr.
2007-06-21 1:38 ` [gentoo-dev] User warnings (Was Re: how to handle sensitive files when generating binary packages) Steve Long
2007-06-21 1:42 ` [gentoo-dev] Re: how to handle sensitive files when generating binary packages Steve Long
2007-06-21 0:13 ` [gentoo-dev] " Josh Saddler
2007-06-21 2:24 ` Mike Frysinger
2007-06-21 3:04 ` Mike Frysinger
2007-06-21 3:18 ` Josh Saddler
2007-06-21 6:11 ` Ned Ludd
2007-06-21 6:23 ` Vlastimil Babka
2007-06-21 6:17 ` Vlastimil Babka
2007-06-22 6:24 ` Mike Frysinger
2007-06-20 20:26 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200706201607.07713.vapier@gentoo.org \
--to=vapier@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox