From: | Peter Simons <simons@××××.to> | ||
---|---|---|---|
To: | gentoo-security@l.g.o | ||
Subject: | [gentoo-security] Re: No, apparently not. | ||
Date: | Mon, 08 Nov 2004 02:52:36 | ||
Message-Id: | 87654hqchc.fsf@peti.cryp.to | ||
In Reply to: | Re: [gentoo-security] No, apparently not. by Ed Grimm |
1 | Ed Grimm writes: |
2 | |
3 | > So how is it that having the Manifest files all signed, |
4 | > and having the Manifest signatures checked, and checking |
5 | > all the MD5 sums in the Manifest files against the files |
6 | > in the directories only a partial answer? |
7 | |
8 | /usr/portage/eclass is not authenticated by this and |
9 | contains shell code that's (possibly) executed with |
10 | superuser privileges. |
11 | |
12 | Peter |
13 | |
14 | |
15 | -- |
16 | gentoo-security@g.o mailing list |
Subject | Author |
---|---|
Re: [gentoo-security] Re: No, apparently not. | Ed Grimm <paranoid@××××××××××××××××××××××.org> |