1 |
Kurt Lieber writes: |
2 |
|
3 |
> Perhaps you haven't done a good job of educating us, then. |
4 |
|
5 |
Then I'll explain it one last time. |
6 |
|
7 |
The entire contents of /usr/portage is not authenticated. |
8 |
All the manifest files, all the patches, all the ebuilds are |
9 |
obtained through a public network without _any_ form of |
10 |
authentication. |
11 |
|
12 |
This means that the wonderful SSP/PIE patches for gcc, the |
13 |
SELinux kernel, the PaX additions, the digest-checking for |
14 |
upstream packages -- it is all completely worthless, because |
15 |
after you have performed an "emerge sync" you have no idea |
16 |
what your system does. |
17 |
|
18 |
Anybody who has access to a mildly central router or domain |
19 |
name server in the Internet can take your machine over |
20 |
completely without any effort at all. And as it happens, |
21 |
there is (a) no way for the user to remedy this situation, |
22 |
there is (b) no way to recognize this has happened, and (c) |
23 |
the vulnerability has been known for over 1.5 years. |
24 |
|
25 |
Does that make it any clearer why this problem might be |
26 |
worth being solved, like, soon? |
27 |
|
28 |
Peter |
29 |
|
30 |
|
31 |
-- |
32 |
gentoo-security@g.o mailing list |