1 |
Hi, |
2 |
|
3 |
Ryan Hill wrote: |
4 |
> Probably best to make FEATURES=distcc disable network-sandbox |
5 |
> then. People enabling it are explicitly saying they want to access |
6 |
> the network. |
7 |
|
8 |
Do you really think it is a good behavior to automatically disable |
9 |
something you can call a "security feature"? At least there should be a |
10 |
warning, not? |
11 |
|
12 |
Think about situations where the user just know "network-sandbox is |
13 |
important, because it will protect my system from unwanted |
14 |
modifications" (the thing where the test suite for example will write to |
15 |
the local, productive, database server...) and therefore explicitly |
16 |
enable that feature by hand. |
17 |
|
18 |
But the user is *also* using distcc to speed up the compilation/update |
19 |
time in his/her network. |
20 |
|
21 |
The user maybe knows that distcc is using network, but he/she might be |
22 |
surprised that it won't work together with the network-sandbox feature. |
23 |
If we now silently disable network-sandbox because the user also set |
24 |
distcc he/she might be even more surprised when he/she noticed that |
25 |
his/her local productive database system was accessed by emerge though |
26 |
he/she enabled network-sandbox feature to prevent this (but which was |
27 |
automatically disabled without a warning). |
28 |
|
29 |
Because it is security relevant and the impact could be a real problem I |
30 |
won't even show just a warning the user could miss. If network-sandbox |
31 |
*and* distcc are both set, emerge should fail complaining about the |
32 |
problem. |
33 |
This is something the user should be aware of and must be solved by hand. |
34 |
|
35 |
So if we decide to enable the network-sandbox feature by default (which |
36 |
we should do), users also using distcc must take action. |
37 |
|
38 |
And if in future we will solve the problem so that both features can be |
39 |
used together, we should send out a news item for people using the |
40 |
distcc feature telling them "Now you can re-enable (the default) |
41 |
network-sandbox feature"... |
42 |
|
43 |
|
44 |
-Thomas |