1 |
On Sun, 21 Jun 2009 10:43:27 +0200 |
2 |
Patrick Lauer <patrick@g.o> wrote: |
3 |
> > > > How much do you trust the people running the overlays listed in |
4 |
> > > > layman? |
5 |
> > > |
6 |
> > > VirtualBox. |
7 |
> > |
8 |
> > And how do you use VirtualBox to prevent one malicious person from |
9 |
> > running arbitrary code on the system of anyone using any layman |
10 |
> > overlay? |
11 |
> |
12 |
> Ah. I thought you were referring to the issues involved in sourcing |
13 |
> ebuilds. |
14 |
|
15 |
I am. |
16 |
|
17 |
> But as you shift the discussion now ... well ... right now we allow |
18 |
> almost everyone to add an overlay to the layman config. So we trust |
19 |
> overlay maintainers not to screw users. |
20 |
> |
21 |
> The metadata cache is "inert" in the sense that it isn't executable |
22 |
> code (and if anyone tries to execute it ... "You're doing it wrong" |
23 |
> comes to mind"), so adding it does not pessimize the situation. |
24 |
|
25 |
But generating that cache means running code, and one of the things |
26 |
that code could do is modify every overlay distributed by the box in |
27 |
question such that anyone using any of those overlays will run |
28 |
arbitrary code whenever they do emerge -p world. |
29 |
|
30 |
> Hmm. I can't think of any sane way to prevent people from writing bad |
31 |
> ebuilds. And I also can't think of a reliable method to detect such |
32 |
> or prevent users from trying to use them. In short, we just have to |
33 |
> trust people. As a sidenote, we just randomly trust devs too. And it |
34 |
> usually works ... |
35 |
|
36 |
There's a big difference between the levels of verification done for |
37 |
developers and that which is done for overlay maintainers. Currently, |
38 |
any overlay maintainer can root any box on which their overlay is used |
39 |
(whether or not anything from that overlay is installed). You're |
40 |
escalating this to any layman-listed overlay maintainer being able to |
41 |
root any box using any layman-listed overlay. |
42 |
|
43 |
-- |
44 |
Ciaran McCreesh |