Gentoo Archives: gentoo-dev

From: Ciaran McCreesh <ciaran.mccreesh@××××××××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [RFC] Overlays and Metadata Cache
Date: Sun, 21 Jun 2009 14:26:55
Message-Id: 20090621152647.11268b88@snowcone
In Reply to: Re: [gentoo-dev] [RFC] Overlays and Metadata Cache by Patrick Lauer
On Sun, 21 Jun 2009 10:43:27 +0200
Patrick Lauer <patrick@g.o> wrote:
> > > > How much do you trust the people running the overlays listed in
> > > > layman?
> > >
> > > VirtualBox.
> >
> > And how do you use VirtualBox to prevent one malicious person from
> > running arbitrary code on the system of anyone using any layman
> > overlay?
>
> Ah. I thought you were referring to the issues involved in sourcing
> ebuilds.

I am.

> But as you shift the discussion now ... well ... right now we allow
> almost everyone to add an overlay to the layman config. So we trust
> overlay maintainers not to screw users.
>
> The metadata cache is "inert" in the sense that it isn't executable
> code (and if anyone tries to execute it ... "You're doing it wrong"
> comes to mind), so adding it does not pessimize the situation.

But generating that cache means running code, and one of the things
that code could do is modify every overlay distributed by the box in
question such that anyone using any of those overlays will run
arbitrary code whenever they do emerge -p world.

> Hmm. I can't think of any sane way to prevent people from writing bad
> ebuilds. And I also can't think of a reliable method to detect such
> or prevent users from trying to use them. In short, we just have to
> trust people. As a sidenote, we just randomly trust devs too. And it
> usually works ...

There's a big difference between the levels of verification done for
developers and that which is done for overlay maintainers. Currently,
any overlay maintainer can root any box on which their overlay is used
(whether or not anything from that overlay is installed). You're
escalating this to any layman-listed overlay maintainer being able to
root any box using any layman-listed overlay.

--
Ciaran McCreesh

Attachments

File name MIME type
signature.asc application/pgp-signature
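
The distinction the message above turns on, between sourcing an ebuild and reading an "inert" cache, shown as an added sketch that is not part of the original thread and is not Portage code. The ebuild-like file, the KEY=value cache layout, the `SIDE_EFFECT_MARKER` variable and all function names are assumptions made for illustration; the marker file stands in for whatever a global-scope command might do on the machine that generates the cache.

```shell
#!/bin/sh
# Constructed demo. The ebuild-like file and KEY=value cache below are
# simplified stand-ins, not Portage's real formats.

# Write a sample "ebuild" into directory $1. Besides metadata variables,
# its global scope holds one command, as any sourced shell file may.
make_sample_ebuild() {
    cat > "$1/demo-1.0.ebuild" <<'EOF'
DESCRIPTION="constructed sample package"
SLOT="0"
: > "$SIDE_EFFECT_MARKER"   # stands in for whatever an author puts here
EOF
}

# Cache generation by sourcing: the file runs in a subshell, then the
# variables it set are written out as plain text.
generate_cache() {   # $1 = ebuild file, $2 = cache file to write
    ( . "$1" >/dev/null 2>&1
      printf 'DESCRIPTION=%s\nSLOT=%s\n' "$DESCRIPTION" "$SLOT" ) > "$2"
}

# Cache consumption: parse KEY=value lines as data, never source or eval.
read_cache_key() {   # $1 = cache file, $2 = key
    while IFS='=' read -r key value; do
        if [ "$key" = "$2" ]; then printf '%s\n' "$value"; return 0; fi
    done < "$1"
    return 1
}

marker_state() { [ -e "$SIDE_EFFECT_MARKER" ] && echo present || echo absent; }

demo() {
    work=$(mktemp -d) || return 1
    SIDE_EFFECT_MARKER="$work/marker"
    make_sample_ebuild "$work"
    generate_cache "$work/demo-1.0.ebuild" "$work/cache"
    echo "after generating cache: marker $(marker_state)"
    rm -f "$SIDE_EFFECT_MARKER"
    echo "SLOT from cache: $(read_cache_key "$work/cache" SLOT)"
    echo "after reading cache: marker $(marker_state)"
    rm -rf "$work"
}
demo
```

The side effect lands on the host that generates the cache, not on the host that later parses it, which is why the generating step is the one that needs isolation and least privilege.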

Replies

Subject Author
Re: [gentoo-dev] [RFC] Overlays and Metadata Cache Patrick Lauer <patrick@g.o>