On Sunday 07 September 2003 18:21, Martin Schlemmer wrote:
> On Sun, 2003-09-07 at 22:18, Jan Krueger wrote:
> > On Sunday 07 September 2003 17:57, Martin Schlemmer wrote:
> > > and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ?
> > > (ok, yes, it's not going to work as a script if I remember
> > > correctly .. but a simple c wrapper is quick to code).
> >
> > Cool, you just found another security bug in portage!
> >
> > go on :)
> >
> > So, the required feature that's implied with your detection, would be the
> > possibility to protect the already installed packages from modification
> > through installation of another package.
>
> And if this was baselayout that was compromised ?
|
Then you either
-should have audited the ebuild and code of baselayout
-hope that the md5sum protection alarms you
-hope that the signature protection alarms you (not yet implemented)
-hope that the security-oriented program analysis alarms you (not yet
implemented)
-hope that the problem hit someone else before you so it got widely published
and you read the news
-hope that the automated test-procedures of gentoo detects the fault (not yet
implemented)
-invent a special baselayout protection
-have a second authorized tree that got not compromised (because operational
independent to the one gentoo tree with a special procedure that aims to
prevent to move of compromised things between the trees) to compare against
before emerge.
-install some other os (with maybe different problems)
-go out for a walk and watch sparrows or so :)
-forbid the emerge of baselayout because you think it's better to install
baselayout in a special hardened way instead.
|
i better stop now, it seems i could make this list very long :)

Jan

--
gentoo-dev@g.o mailing list
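
Added example (not part of the original message and not Portage's own code): a sketch of the feature discussed in the thread, a pre-merge check that refuses to let one package's image directory overwrite a file another installed package owns. The 'obj <path> <md5> <mtime>' record layout, the package names and the file contents are constructed assumptions.

```python
import hashlib
import os
import tempfile


def parse_contents(text, owner):
    """Map each 'obj <path> <md5> <mtime>' record to (owner, md5)."""
    owned = {}
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        fields = rest.rsplit(" ", 2)  # rsplit so paths may contain spaces
        if kind == "obj" and len(fields) == 3:
            owned[fields[0]] = (owner, fields[1])
    return owned


def find_collisions(image_dir, pkg, owned):
    """List (path, owner, content_differs) for image files owned by another package."""
    hits = []
    for root, _dirs, files in os.walk(image_dir):
        for name in files:
            full = os.path.join(root, name)
            dest = "/" + os.path.relpath(full, image_dir).replace(os.sep, "/")
            owner, recorded = owned.get(dest, (pkg, None))
            if owner != pkg:
                with open(full, "rb") as fh:
                    digest = hashlib.md5(fh.read()).hexdigest()
                hits.append((dest, owner, digest != recorded))
    return sorted(hits)


def demo():
    # Constructed database: one installed package that owns /sbin/init.
    db = parse_contents(
        "dir /sbin\nobj /sbin/init " + "0" * 32 + " 1062950000\n",
        "sys-apps/example-init",
    )
    with tempfile.TemporaryDirectory() as image:
        # Constructed image of a second package: its own file plus /sbin/init.
        for rel in ("usr/sbin/foo", "sbin/init"):
            path = os.path.join(image, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"constructed file body\n")
        return find_collisions(image, "app-misc/example-foo", db)


if __name__ == "__main__":
    for dest, owner, differs in demo():
        print(f"refuse merge: {dest} is owned by {owner} (content differs: {differs})")
```

The md5 comparison only mirrors the "md5sum protection" item in the list; the ownership check is what blocks the overwrite, and it does nothing for the baselayout case raised above, where the compromised package legitimately owns the file.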