| 1 |
Kurt Lieber writes: |
| 2 |
|
| 3 |
> Perhaps you haven't done a good job of educating us, then. |
| 4 |
|
| 5 |
Then I'll explain it one last time. |
| 6 |
|
| 7 |
The entire contents of /usr/portage is not authenticated. |
| 8 |
All the manifest files, all the patches, all the ebuilds are |
| 9 |
obtained through a public network without _any_ form of |
| 10 |
authentication. |
| 11 |
|
| 12 |
This means that the wonderful SSP/PIE patches for gcc, the |
| 13 |
SELinux kernel, the PaX additions, the digest-checking for |
| 14 |
upstream packages -- it is all completely worthless, because |
| 15 |
after you have performed an "emerge sync" you have no idea |
| 16 |
what your system does. |
| 17 |
|
| 18 |
Anybody who has access to a mildly central router or domain |
| 19 |
name server in the Internet can take your machine over |
| 20 |
completely without any effort at all. And as it happens, |
| 21 |
there is (a) no way for the user to remedy this situation, |
| 22 |
there is (b) no way to recognize this has happened, and (c) |
| 23 |
the vulnerability has been known for over 1.5 years. |
| 24 |
|
| 25 |
Does that make it any clearer why this problem might be |
| 26 |
worth being solved, like, soon? |
| 27 |
|
| 28 |
Peter |
| 29 |
|
| 30 |
|
| 31 |
-- |
| 32 |
gentoo-security@g.o mailing list |
Archives