Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: Mike Doty <kingtaco@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Resolve build time default editor dependency.
Date: Sun, 12 Nov 2006 14:47:54
Message-Id: 45573342.9030307@gentoo.org
In Reply to: Re: [gentoo-dev] Resolve build time default editor dependency. (was: How get ebuild provider virtual/category.) by "Harald van Dijk"
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 Harald van Dijk wrote:
5 > On Sun, Nov 12, 2006 at 04:56:33AM -0500, Mike Frysinger wrote:
6 >> On 11/12/06, Harald van Dijk <truedfx@g.o> wrote:
7 >>> On Sun, Nov 12, 2006 at 04:34:25AM -0500, Mike Frysinger wrote:
8 >>>> On 11/12/06, Peter Volkov (pva) <pva@g.o> wrote:
9 >>>>> The possible solution is to add virtual/editor ebuild
10 >>>> this is a horrible idea
11 >>>>
12 >>>> why not modify sudo to not filter the EDITOR env var then there is no
13 >>>> more problem
14 >>> Except for a gaping security hole.
15 >> pulling a ciaranm here huh ? if a guy has access to `sudo`, then
16 >> having a modified environment isnt going to make much difference
17 >
18 > sudo can be configured to only allow access to a select few applications.
19 > Allowing arbitrary EDITOR settings completely bypasses this.
20 so force EDITOR to something "secure" (infra uses rvim) but really,
21 visudo, vipw, crontab.... these can all be exploited to gain root access
22 thus making it silly to try to prevent in these cases.
23
24 - --
25 =======================================================
26 Mike Doty kingtaco -at- gentoo.org
27 Gentoo/AMD64 Strategic Lead
28 Gentoo Council
29 Gentoo Developer Relations
30 Gentoo Recruitment Lead
31 Gentoo Infrastructure
32 GPG: E1A5 1C9C 93FE F430 C1D6 F2AF 806B A2E4 19F4 AE05
33 =======================================================
34 -----BEGIN PGP SIGNATURE-----
35 Version: GnuPG v1.4.5 (GNU/Linux)
36
37 iQCVAwUBRVczQIBrouQZ9K4FAQKPrwQAk6vH/W7BRpEK896RE11PpFOJyPKxhYQZ
38 V0UPKHclNs3WEyx4jw8m743hHPQqd8OZ2Dn6GM5H88m9PdH+S7JtickCXH9SmN0w
39 E1ODtFbdS6Hg1T5N3Pghf6K+HWkyyvEBIvoffQW7jFpBAmhSWHBFcAwNuETey6pL
40 sIE+oLQo+48=
41 =5lw7
42 -----END PGP SIGNATURE-----
43 --
44 gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Resolve build time default editor dependency. "Harald van Dijk" <truedfx@g.o>
Report Message
Find on MARC Find on Google Groups