| 1 |
Matthias Schwarzott <zzam@g.o> posted |
| 2 |
200706201515.20684.zzam@g.o, excerpted below, on Wed, 20 Jun 2007 |
| 3 |
15:15:20 +0200: |
| 4 |
|
| 5 |
> On Mittwoch, 20. Juni 2007, Olivier Crête wrote: |
| 6 |
>> |
| 7 |
>> I will claim that almost any file in /etc is potentially sensitive |
| 8 |
>> (even if it does not contain passwords, if may contain other |
| 9 |
>> informations interesting to a cracker). And even if we did what you |
| 10 |
>> propose, we'd run the risk of missing some and giving the user a false |
| 11 |
>> sense of security. |
| 12 |
>> |
| 13 |
>> Maybe we should document somewhere that the only way to make bin pkg |
| 14 |
>> that are safe for public distribution is to do emerge -b or -B .. And |
| 15 |
>> that pkgs built with quickpkg may contain sensitive information. |
| 16 |
> |
| 17 |
> If there is smart conf-file updating inside pkg_preinst(), I think even |
| 18 |
> emerge -b could be unsafe. |
| 19 |
|
| 20 |
If so, then something is broken. pkg_preinst is for stuff done to the |
| 21 |
/live/ file system (as opposed to the fake install, which is what's |
| 22 |
packaged), according to the ebuild (5) manpage. As such, it should be |
| 23 |
done when the binary package is actually merged (qmerged), since said |
| 24 |
binary package may be (and often is) installed to a system other than the |
| 25 |
one it was compiled on. |
| 26 |
|
| 27 |
If pkg_preinst is modifying as-shipped bin-pkg config files based on the |
| 28 |
"live" filesystem of the build system, not the target system, something's |
| 29 |
seriously broken. If it's not, then it's not unsafe after all, at least |
| 30 |
not in this context. In this regard, -b/-B behavior should be identical. |
| 31 |
|
| 32 |
-- |
| 33 |
Duncan - List replies preferred. No HTML msgs. |
| 34 |
"Every nonfree program has a lord, a master -- |
| 35 |
and if you use the program, he is your master." Richard Stallman |
| 36 |
|
| 37 |
-- |
| 38 |
gentoo-dev@g.o mailing list |
Archives