| 1 |
On Sunday 07 September 2003 18:21, Martin Schlemmer wrote: |
| 2 |
> On Sun, 2003-09-07 at 22:18, Jan Krueger wrote: |
| 3 |
> > On Sunday 07 September 2003 17:57, Martin Schlemmer wrote: |
| 4 |
> > > and change '${D}/usr/sbin/foo' to '${D}/sbin/init' ? |
| 5 |
> > > (ok, yes, its not going to work as a script if I remember |
| 6 |
> > > correctly .. but a simple c wrapper is quick to code). |
| 7 |
> > |
| 8 |
> > Cool, you just found another security bug in portage! |
| 9 |
> > |
| 10 |
> > go on :) |
| 11 |
> > |
| 12 |
> > So, the required feature thats implied with your detection, would be the |
| 13 |
> > possibility to protect the already installed packages from modification |
| 14 |
> > through installation of another package. |
| 15 |
> |
| 16 |
> And if this was baselayout that was compromised ? |
| 17 |
|
| 18 |
Then you either |
| 19 |
-should have audited the ebuild and code of baselayout |
| 20 |
-hope that the md5sum protection alarmes you |
| 21 |
-hope that the signature protection alarmes you (not yet implemented) |
| 22 |
-hope that the security-oriented program analysis alarmes you (not yet |
| 23 |
implemented) |
| 24 |
-hope that the problem hit someone else before you so it got widely published |
| 25 |
and you read the news |
| 26 |
-hope that the automated test-procedures of gentoo detects the fault (not yet |
| 27 |
implemented) |
| 28 |
-invent a special baselayout protection |
| 29 |
-have a second authorized tree that got not compromised (because operational |
| 30 |
independend to the one gentoo tree with a special procedure that aims to |
| 31 |
prevent to move of compromised things between the trees) to compare against |
| 32 |
before emerge. |
| 33 |
-install some other os (with maybe different problems) |
| 34 |
-go out for a walk and watch sparrows or so :) |
| 35 |
-forbid the emerge of baselayout because you think its better to install |
| 36 |
baselayout in a special hardened way instead. |
| 37 |
|
| 38 |
i better stop now, it seems i could make this list very long :) |
| 39 |
|
| 40 |
Jan |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-dev@g.o mailing list |
Archives