Archives
Archives
| From: | Peter Simons <simons@××××.to> | ||
|---|---|---|---|
| To: | gentoo-security@l.g.o | ||
| Subject: | [gentoo-security] Re: No, apparently not. | ||
| Date: | Mon, 08 Nov 2004 02:52:36 | ||
| Message-Id: | 87654hqchc.fsf@peti.cryp.to | ||
| In Reply to: | Re: [gentoo-security] No, apparently not. by Ed Grimm |
||
| 1 | Ed Grimm writes: |
| 2 | |
| 3 | > So how is it that having the Manifest files all signed, |
| 4 | > and having the Manifest signatures checked, and checking |
| 5 | > all the MD5 sums in the Manifest files against the files |
| 6 | > in the directories only a partial answer? |
| 7 | |
| 8 | /usr/portage/eclass is not authenticated by this and |
| 9 | contains shell code that's (possibly) executed with |
| 10 | superuser privileges. |
| 11 | |
| 12 | Peter |
| 13 | |
| 14 | |
| 15 | -- |
| 16 | gentoo-security@g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-security] Re: No, apparently not. | Ed Grimm <paranoid@××××××××××××××××××××××.org> |