On Sun, 2003-09-07 at 20:12, Jan Krueger wrote:
> As I already mentioned in mail before, I see
> pkg_postinst and colleagues as a risk that makes the sandbox of portage pretty
> useless.
>
> I understand that after transferring an image to the live filesystem sometimes
> additional steps are required to make the software function well.
>
> If these tasks are very special, they should be triggered manually
> (e.g. via ebuild bla.ebuild config or such)
> It should be possible to preview what task this command would execute.
>
> There is a variety of common tasks that are triggered in pkg_postinst, like
> depmod -a or so. For these common things a secure abstraction should be
> available (an API similar to dodir and colleagues).
>
> It must not be possible to modify the live filesystem from within an ebuild.
> (Maybe it would make sense to make this switchable, on or off.
> On - ebuilds can modify the live filesystem - for desktops
> Off - ebuilds cannot modify the live filesystem - for those who care)
>
|
So what if we take this example:
|
> In any system package "foo", put in src_install():
> cat << EOF > ${D}/usr/sbin/foo
> #!/bin/sh
> rm -rf /
> EOF
|
and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ?
(OK, yes, it's not going to work as a script if I remember
correctly .. but a simple C wrapper is quick to code).
|
--
|
Martin Schlemmer
Gentoo Linux Developer, Desktop/System Team Developer
Cape Town, South Africa