Matthias Schwarzott <zzam@g.o> posted
200706201515.20684.zzam@g.o, excerpted below, on Wed, 20 Jun 2007
15:15:20 +0200:

> On Wednesday, 20 June 2007, Olivier Crête wrote:
>>
>> I will claim that almost any file in /etc is potentially sensitive
>> (even if it does not contain passwords, it may contain other
>> information interesting to a cracker). And even if we did what you
>> propose, we'd run the risk of missing some and giving the user a false
>> sense of security.
>>
>> Maybe we should document somewhere that the only way to make bin pkgs
>> that are safe for public distribution is to do emerge -b or -B .. And
>> that pkgs built with quickpkg may contain sensitive information.
>
> If there is smart conf-file updating inside pkg_preinst(), I think even
> emerge -b could be unsafe.

If so, then something is broken. pkg_preinst is for stuff done to the
/live/ file system (as opposed to the fake install, which is what's
packaged), according to the ebuild(5) manpage. As such, it should be
done when the binary package is actually merged (qmerged), since said
binary package may be (and often is) installed to a system other than the
one it was compiled on.

If pkg_preinst is modifying as-shipped bin-pkg config files based on the
"live" filesystem of the build system, not the target system, something's
seriously broken. If it's not, then it's not unsafe after all, at least
not in this context. In this regard, -b/-B behavior should be identical.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman

--
gentoo-dev@g.o mailing list