Gentoo Archives: gentoo-dev

From: "Chris L. Mason" <clmason@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Non-root emerges
Date: Thu, 30 Sep 2004 19:17:03
Message-Id: 610e346604093012179094acb@mail.gmail.com
In Reply to: Re: [gentoo-dev] Non-root emerges by "Stephen P. Becker"
1 On Thu, 30 Sep 2004 15:04:44 -0400, Stephen P. Becker <geoman@g.o> wrote:
2 >
3 > Really though, it only becomes insecure if the source code can't be
4 > trusted. This has become a bit more complicated/worrisome lately since
5 > it has been demonstrated that malicious source tarballs with the same
6 > md5sum as as the originals could be used to attack a gentoo install. I
7 > think steps are being taken to remove this possibility from affecting
8 > portage, however.
9 >
10
11 Remember, it's not just security though. A bug in a script when run
12 as root could wipe out all or parts of a system.
13
14
15 Chris
16
17 --
18 gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Non-root emerges "Stephen P. Becker" <geoman@g.o>