Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-security

From: Ben Cressey <ben@×××××.org>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] courier-imap
Date: Fri, 26 Mar 2004 15:29:34
Message-Id: 007601c41347$18dc19e0$7f16010a@na.saralee.com
In Reply to: Re: [gentoo-security] courier-imap by Matt Hallmark
1 Interesting read, thanks for the link.
2
3 Ben
4
5 ----- Original Message -----
6 From: "Matt Hallmark" <matt@×××××××××××××.com>
7 To: <gentoo-security@l.g.o>
8 Sent: Friday, March 26, 2004 10:09 AM
9 Subject: Re: [gentoo-security] courier-imap
10
11
12 > As someone interested in these happenings, I might point you at the most
13 > recent Gentoo Weekly Newsletter.
14 >
15 > http://www.gentoo.org/news/en/gwn/20040322-newsletter.xml
16 >
17 > In it glsa-check is mentioned as a new means to identify security issues
18 > in gentoo. It'll eventually me merged into emerge (heh) in the future.
19 >
20 > This doesn't do us much good if the issue is never declared as a GLSA
21 > though, which seems to be Ben's main problem here.
22 >
23 > Matt Hallmark
24 >
25 > Ben Cressey wrote:
26 >
27 > > Kurt Lieber wrote:
28 > >
29 > >>This would only be done in the most extreme cases, of which this is not
30 > >>one.
31 > >
32 > >
33 > > That policy makes sense, I admit. I'm not trying to blow this out of
34 > > proportion (and I notice that the new courier-imap ebuild is available
35 in
36 > > stable at the moment), just trying to realign my assumptions about
37 gentoo
38 > > and security with the reality of the process.
39 > >
40 > > I've been giving it some thought this morning, and I have a question.
41 Would
42 > > it be feasible to add architecture-specific "security" keywords, such as
43 > > +x86 alongside ~x86 and x86? +x86 would have the following differences
44 over
45 > > mainline x86:
46 > >
47 > > 1) Any ebuild with a known security flaw would be removed immediately.
48 > > 2) Old ebuilds would never "age out" of this keyword.
49 > >
50 > > Users could then set this keyword instead of the default x86, and could
51 run
52 > > emerge with a "--securityupdate" option that would only suggest
53 upgrading
54 > > packages that were installed and no longer part of +x86.
55 > >
56 > > Point #2 seems to be the most problematic, simply because older ebuilds
57 are
58 > > routinely deleted as the portage tree is updated and new versions become
59 > > available. Two solutions come to mind for this difficulty:
60 > >
61 > > 1) A "stub" of the old ebuild could be left in portage; this ebuild
62 would
63 > > not be enough to install the package, but would have the minimum set of
64 > > information required to act as a valid ebuild for that version, for the
65 > > purposes of the emerge --securityupdate check.
66 > >
67 > > 2) Alternatively, users with the +x86 keyword set would not have old
68 ebuilds
69 > > deleted from their portage tree during the rsync process.
70 > >
71 > > The difficulty with point #2 would be that package maintainers would
72 have no
73 > > way to go back and remove the +x86 keyword from an old version of the
74 ebuild
75 > > if that ebuild was no longer in portage. The problem with #1 seems to
76 be
77 > > that the number of ebuilds in the portage tree would continue to grow
78 over
79 > > time, and if a vulnerability was found, maintainers would potentially
80 have
81 > > dozens of old ebuilds to remove from +x86. #2 is probably the best
82 > > approach, if the difficulty can be overcome.
83 > >
84 > > Perhaps a "security.mask" could be added alongside package.mask, and
85 older,
86 > > out of tree versions of ebuilds affected by a security vulnerability
87 could
88 > > be masked from +x86 that way.
89 > >
90 > > Ben
91 > >
92 > >
93 > > --
94 > > gentoo-security@g.o mailing list
95 > >
96 >
97 > --
98 > gentoo-security@g.o mailing list
99 >
100 >
101
102
103 --
104 gentoo-security@g.o mailing list
Report Message
Find on MARC Find on Google Groups