| 1 |
Sven Vermeulen posted on Tue, 22 Aug 2017 17:37:51 +0000 as excerpted: |
| 2 |
|
| 3 |
> On Tue, Aug 22, 2017 at 01:22:51PM -0400, Michael Orlitzky wrote: |
| 4 |
>> The net-analyzer/nrpe package has a ./configure flag: |
| 5 |
>> |
| 6 |
>> --enable-command-args allows clients to specify command arguments. |
| 7 |
>> *** THIS IS A SECURITY RISK! *** |
| 8 |
>> Read the SECURITY file before |
| 9 |
>> using this option! |
| 10 |
>> |
| 11 |
>> Back in nrpe-2.x, it was available via USE=command-args, but I dropped |
| 12 |
>> it from nrpe-3.x, and a user just asked about it (bug 628596). There |
| 13 |
>> are at least two things we could do with a dangerous flag like that: |
| 14 |
>> |
| 15 |
>> 1) require EXTRA_ECONF to enable it. |
| 16 |
>> 2) hide it behind a masked USE flag. |
| 17 |
>> |
| 18 |
>> Both options require about the same amount of work from the user, |
| 19 |
>> namely editing something under /etc/portage. What do y'all think is the |
| 20 |
>> best way to proceed? Are there other examples in the tree I could |
| 21 |
>> follow? |
| 22 |
> |
| 23 |
> I like the masked USE flag approach. Using EXTRA_ECONF requires a bit |
| 24 |
> more work from the user (not much though) but is less visible afterwards |
| 25 |
> in my opinion. |
| 26 |
> |
| 27 |
> Perhaps a name that implies that there is a security risk could be |
| 28 |
> interesting, but that's a minor suggestion. |
| 29 |
|
| 30 |
IDR which package it was on, but I remember investigating a USE flag |
| 31 |
called GAPING_SECURITY_HOLE or some such, on some package at some point. |
| 32 |
Turned out it was pretty much just that, but someone needed the feature |
| 33 |
it controlled on their firewalled LAN, and this flag is what the |
| 34 |
maintainer came up with as a solution. |
| 35 |
|
| 36 |
> Is there a way we could somehow ensure that a USE flag is never set |
| 37 |
> globally, but only on a per-package basis? |
| 38 |
|
| 39 |
The only mechanism I'm aware of for that, a hack but arguably an |
| 40 |
effective one, is including the package name in the USE flag. |
| 41 |
|
| 42 |
Combining all three suggestions, masked USE flag including the name of |
| 43 |
the package and a warning such as GAPING_SECURITY_HOLE (the ALL CAPS |
| 44 |
helps distinguish it too, since most USE flags are lowercase) in the |
| 45 |
name, say as ... |
| 46 |
|
| 47 |
nrpe-command-args-SECURITY-HOLE |
| 48 |
or just |
| 49 |
nrpe-GAPING-SECURITY-HOLE |
| 50 |
|
| 51 |
... seems to me the most effective. Anyone that would even *think* to |
| 52 |
enable something like that without doing some *serious* investigation |
| 53 |
first, arguably shouldn't be using gentoo in the first place. |
| 54 |
|
| 55 |
-- |
| 56 |
Duncan - List replies preferred. No HTML msgs. |
| 57 |
"Every nonfree program has a lord, a master -- |
| 58 |
and if you use the program, he is your master." Richard Stallman |
Archives