| 1 |
On Saturday 20 June 2009 21:00:46 Ciaran McCreesh wrote: |
| 2 |
> On Sat, 20 Jun 2009 20:40:17 +0200 |
| 3 |
> |
| 4 |
> Patrick Lauer <patrick@g.o> wrote: |
| 5 |
> > > Have you thought about the security implications of this? |
| 6 |
> > |
| 7 |
> > Yes. |
| 8 |
> > |
| 9 |
> > > How much do you trust the people running the overlays listed in |
| 10 |
> > > layman? |
| 11 |
> > |
| 12 |
> > VirtualBox. |
| 13 |
> |
| 14 |
> And how do you use VirtualBox to prevent one malicious person from |
| 15 |
> running arbitrary code on the system of anyone using any layman overlay? |
| 16 |
|
| 17 |
Ah. I thought you were referring to the issues involved in sourcing ebuilds. |
| 18 |
|
| 19 |
But as you shift the discussion now ... well ... right now we allow almost |
| 20 |
everyone to add an overlay to the layman config. So we trust overlay |
| 21 |
maintainers not to screw users. |
| 22 |
|
| 23 |
The metadata cache is "inert" in the sense that it isn't executable code (and |
| 24 |
if anyone tries to execute it ... "You're doing it wrong" comes to mind"), so |
| 25 |
adding it does not pessimize the situation. |
| 26 |
|
| 27 |
So how do we guarantee that overlay maintainers (many who aren't even devs and |
| 28 |
thus might not be subjectively held to the same standards) don't screw users? |
| 29 |
|
| 30 |
Hmm. I can't think of any sane way to prevent people from writing bad ebuilds. |
| 31 |
And I also can't think of a reliable method to detect such or prevent users |
| 32 |
from trying to use them. In short, we just have to trust people. |
| 33 |
As a sidenote, we just randomly trust devs too. And it usually works ... |
Archives