| 1 |
On Sun, 2003-09-07 at 20:12, Jan Krueger wrote: |
| 2 |
> As is i already mentioned in mail before i see |
| 3 |
> pkg_postinst and collegues as a risk that makes the sandbox of portage pretty |
| 4 |
> useless. |
| 5 |
> |
| 6 |
> I understand that after transfering an image to the life filesystem sometimes |
| 7 |
> additional steps are required to make the software function well. |
| 8 |
> |
| 9 |
> If this tasks are very special, this task should be triggered manually |
| 10 |
> (eg. via ebuild bla.ebuild config or such) |
| 11 |
> It should be possible to preview what task this command would execeute. |
| 12 |
> |
| 13 |
> There is a variety of comman tasks that are triggered in pkg_postinst, like |
| 14 |
> depmod -a or so. for these common things a secure abstraction should be |
| 15 |
> available (an api similar to dodir and collegues). |
| 16 |
> |
| 17 |
> It must not be possible to modify the life filesystem from within an ebuild. |
| 18 |
> (Maybe it would make sense to make this switchable, on or off. |
| 19 |
> On - ebuilds can modify the life filesystem - for desktops |
| 20 |
> Off - ebuilds can not modify the life filesystem - for those who care) |
| 21 |
> |
| 22 |
|
| 23 |
So what if we take this example: |
| 24 |
|
| 25 |
> In any system package "foo", put in src_install(): |
| 26 |
> cat << EOF > ${D}/usr/sbin/foo |
| 27 |
> #!/bin/sh |
| 28 |
> rm -rf / |
| 29 |
> EOF |
| 30 |
|
| 31 |
and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ? |
| 32 |
(ok, yes, its not going to work as a script if I remember |
| 33 |
correctly .. but a simple c wrapper is quick to code). |
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
|
| 38 |
Martin Schlemmer |
| 39 |
Gentoo Linux Developer, Desktop/System Team Developer |
| 40 |
Cape Town, South Africa |
Archives