| 1 |
Hi, |
| 2 |
|
| 3 |
Ryan Hill wrote: |
| 4 |
> Probably best to make FEATURES=distcc disable network-sandbox |
| 5 |
> then. People enabling it are explicitly saying they want to access |
| 6 |
> the network. |
| 7 |
|
| 8 |
Do you really think it is a good behavior to automatically disable |
| 9 |
something you can call a "security feature"? At least there should be a |
| 10 |
warning, not? |
| 11 |
|
| 12 |
Think about situations where the user just know "network-sandbox is |
| 13 |
important, because it will protect my system from unwanted |
| 14 |
modifications" (the thing where the test suite for example will write to |
| 15 |
the local, productive, database server...) and therefore explicitly |
| 16 |
enable that feature by hand. |
| 17 |
|
| 18 |
But the user is *also* using distcc to speed up the compilation/update |
| 19 |
time in his/her network. |
| 20 |
|
| 21 |
The user maybe knows that distcc is using network, but he/she might be |
| 22 |
surprised that it won't work together with the network-sandbox feature. |
| 23 |
If we now silently disable network-sandbox because the user also set |
| 24 |
distcc he/she might be even more surprised when he/she noticed that |
| 25 |
his/her local productive database system was accessed by emerge though |
| 26 |
he/she enabled network-sandbox feature to prevent this (but which was |
| 27 |
automatically disabled without a warning). |
| 28 |
|
| 29 |
Because it is security relevant and the impact could be a real problem I |
| 30 |
won't even show just a warning the user could miss. If network-sandbox |
| 31 |
*and* distcc are both set, emerge should fail complaining about the |
| 32 |
problem. |
| 33 |
This is something the user should be aware of and must be solved by hand. |
| 34 |
|
| 35 |
So if we decide to enable the network-sandbox feature by default (which |
| 36 |
we should do), users also using distcc must take action. |
| 37 |
|
| 38 |
And if in future we will solve the problem so that both features can be |
| 39 |
used together, we should send out a news item for people using the |
| 40 |
distcc feature telling them "Now you can re-enable (the default) |
| 41 |
network-sandbox feature"... |
| 42 |
|
| 43 |
|
| 44 |
-Thomas |
Archives