Gentoo Archives: gentoo-dev

From: Georgi Georgiev <chutz@×××.net>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] ACCEPT_RESTRICT for questionable values of RESTRICT
Date: Thu, 11 Jan 2007 21:41:28
Message-Id: 20070111213822.GA8354@lion.gg3.net
In Reply to: Re: [gentoo-dev] [RFC] ACCEPT_RESTRICT for questionable values of RESTRICT by Ciaran McCreesh
maillog: 11/01/2007-17:02:48(+0000): Ciaran McCreesh types
> On Thu, 11 Jan 2007 11:56:09 -0500 Mike Frysinger <vapier@g.o>
> wrote:
> | On Wednesday 10 January 2007 20:01, Ciaran McCreesh wrote:
> | > On Wed, 10 Jan 2007 19:56:00 -0500 Mike Frysinger
> | > <vapier@g.o>
> | > | as stated in original e-mail, unattended/sandbox are just some
> | > | examples, not the only ones
> | >
> | > So which RESTRICT values *should* the user legitimately have to care
> | > about?
> |
> | On Wednesday 10 January 2007 16:40, Chris Gianelloni wrote:
> | > I am a user. I don't want any of my compiles executing with
> | > elevated privileges. I have FEATURES=userpriv. Package foo has
> | > RESTRICT=userpriv. I don't have ACCEPT_RESTRICT=userpriv. When I
> | > try to install package foo, it fails, because I don't want to allow
> | > RESTRICT=userpriv.
>
> Bogus argument. If an ebuild were truly doing something naughty with
> elevated privs, it could just do it in one of the pkg_ phases. Since
> userpriv isn't a security feature, there's no advantage for the end
> user in restricting based upon it.
>
> So again, which RESTRICT variables should the user legitimately have to
> care about?

I agree that if an ebuild wants to misbehave it can and there is no
stopping it. However, code that is executed in pkg_* is generally
restricted to code written by the person who is involved in maintaining
the ebuild. It is easy to read that code and see what it does. In
contrast, the stuff that is run with lowered privileges is usually coded
upstream. I'd like to have that run with lowered privileges, no matter
what.

--
/ Georgi Georgiev / As in certain cults it is possible to kill /
\ chutz@×××.net \ a process if you know its true name. -- \
/ http://www.gg3.net/ / Ken Thompson and Dennis M. Ritchie /
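The scenario Chris Gianelloni describes above (FEATURES=userpriv, RESTRICT=userpriv, no ACCEPT_RESTRICT=userpriv, merge refused) as a small POSIX shell check. This is an added illustration, not Portage code or anything proposed in the thread; it assumes all three variables are space-separated token lists and, as a further assumption, that a RESTRICT token only needs accepting when it disables a feature the user actually enabled in FEATURES.

```shell
#!/bin/sh
# Constructed example of an ACCEPT_RESTRICT-style gate. Assumptions (not from
# the thread): FEATURES, RESTRICT and ACCEPT_RESTRICT are space-separated token
# lists, and a restriction matters only if it relaxes an enabled feature.

# has_token NEEDLE "LIST": succeed if NEEDLE is one of the words in LIST.
has_token() {
    needle="$1"
    for t in $2; do
        [ "$t" = "$needle" ] && return 0
    done
    return 1
}

# blocked_restrictions "FEATURES" "RESTRICT" "ACCEPT_RESTRICT"
# Prints, one per line, the RESTRICT tokens that should stop the merge:
# those that disable an enabled feature and were not explicitly accepted.
blocked_restrictions() {
    features="$1"; restrict="$2"; accept="$3"
    for r in $restrict; do
        # The user never enabled this feature, so the restriction is a no-op.
        has_token "$r" "$features" || continue
        # The user opted in to running this package with the feature off.
        has_token "$r" "$accept" && continue
        echo "$r"
    done
}

# merge_allowed "FEATURES" "RESTRICT" "ACCEPT_RESTRICT": exit 0 if nothing blocks.
merge_allowed() {
    [ -z "$(blocked_restrictions "$1" "$2" "$3")" ]
}

# Chris Gianelloni's case: userpriv enabled, restricted, not accepted -> refused.
if merge_allowed "userpriv sandbox" "userpriv" ""; then
    echo "merge allowed"
else
    echo "merge refused; unaccepted restrictions:"
    blocked_restrictions "userpriv sandbox" "userpriv" ""
fi
```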

Replies

- Re: [gentoo-dev] [RFC] ACCEPT_RESTRICT for questionable values of RESTRICT, by Ciaran McCreesh <ciaranm@×××××××.org>