To: gentoo-portage-dev@lists.gentoo.org
From: Duncan <1i5t5.duncan@cox.net>
Subject: [gentoo-portage-dev] Re: New preserve-libs feature
Date: Sat, 24 Feb 2007 06:51:31 +0000 (UTC)
References: <20070217144914.593f376b@sheridan.genone.homeip.net> <200702171009.35968.vapier@gentoo.org> <200702231422.05809.carlo@gentoo.org>

Carsten Lohrke posted 200702231422.05809.carlo@gentoo.org, excerpted
below, on Fri, 23 Feb 2007 14:22:05 +0100:

> I consider the preserve-libs functionality one of the biggest
> security threats for Gentoo users. You may dismiss this, saying the
> problem sits in front of the keyboard, but I'm telling you this is
> careless and that we can do better:
>
> echo "/path/to/preserved.so" >> /var/lib/portage/preserved_libs
>
> stores the libraries, and Portage can each time emerge is run look up,
> if the file lists libraries, check, if those exist, if not remove the
> lines or otherwise warn the user about the possibly vulnerable libraries
> and tell him what to do.

+1 here! During my own sysadmin-ings, I've wondered why there wasn't
such a list on several occasions. It would make things /so/ much simpler,
at least from the sysadmin perspective. (Of course, I realize that's
/not/ the same thing as simpler from a portage perspective, but anyway,
that's what's being discussed here. =8^)

If this is added, I think it's big enough to have it mentioned in the
handbook as well. Having that handy list all nicely centralized to one
location would be a /big/ boon to security conscious Gentoo sysadmins
everywhere, so it's easily worth mentioning in the handbook as one of the
valuable tools portage provides.

-- 
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

-- 
gentoo-portage-dev@gentoo.org mailing list
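
The check proposed in the quoted text, sketched as a shell function. This is an added example, not Portage code and not written by either poster. The one-path-per-line registry format follows the quoted echo line; the function names, the 0644 mode and the constructed sample files are assumptions.

```shell
#!/bin/sh
# Added example (not Portage code). Assumed registry format: one absolute
# library path per line, as written by the echo >> line quoted above.

# check_preserved_libs REGISTRY
# Drops entries whose file is gone, rewrites the registry, warns on stderr
# for each library still on disk, and prints the surviving paths on stdout.
check_preserved_libs() {
    registry=$1
    [ -f "$registry" ] || return 0            # nothing registered yet
    tmp=$(mktemp "${registry}.XXXXXX") || return 1
    while IFS= read -r lib || [ -n "$lib" ]; do
        [ -n "$lib" ] || continue             # skip blank lines
        # -L also catches a dangling symlink left behind under the old name
        if [ -e "$lib" ] || [ -L "$lib" ]; then
            printf '%s\n' "$lib" >>"$tmp"
            printf '%s\n' "$lib"
            printf 'WARNING: preserved library still installed: %s\n' "$lib" >&2
        fi
    done <"$registry"
    chmod 0644 "$tmp"                         # assumed mode: world-readable list
    # Replace the registry with a single rename so it is never half-written.
    mv "$tmp" "$registry"
}

# Constructed sample: one stand-in library that still exists, one that is gone.
demo_preserved_libs() {
    d=$(mktemp -d) || return 1
    : >"$d/libold.so.1"
    printf '%s\n' "$d/libold.so.1" "$d/libgone.so.2" >"$d/preserved_libs"
    check_preserved_libs "$d/preserved_libs"
    rm -rf "$d"
}

demo_preserved_libs
```

The stdout list is what a sysadmin would feed to a rebuild or audit step; an empty list means no preserved libraries remain.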