1 |
there are many files out there that contain critical information about your |
2 |
system ... lets look at /etc/shadow |
3 |
|
4 |
baselayout installs this file, yet it is not listed in CONTENTS for a very |
5 |
good reason ... if someone were to run `quickpkg baselayout` and post the |
6 |
file somewhere, they could easily have done so without realizing the |
7 |
implications. social engineering on irc for example would be trivial to |
8 |
accomplish this and say hello to my little root shell. |
9 |
|
10 |
however, there are certainly cases where the admin fully knows what they're |
11 |
doing and they want to create a binary package of their system with these |
12 |
sensitive files ... so where to meet in the middle. |
13 |
|
14 |
mayhaps we need a new function to be run in src_install() to label files |
15 |
as "sensitive" ... so baselayout would do: |
16 |
esosensitive /etc/{fstab,group,passwd,shadow} |
17 |
and then we expand the format of CONTENTS in the vdb: |
18 |
priv /etc/fstab <hash> <mtime> |
19 |
|
20 |
any other potential ideas ? (pretend my idea here isnt the greatest thing |
21 |
since Robot Chicken) |
22 |
-mike |