-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Patrick Lauer wrote:
>>> The metadata cache is "inert" in the sense that it isn't executable
>>> code (and if anyone tries to execute it ... "You're doing it wrong"
>>> comes to mind), so adding it does not pessimize the situation.
>> But generating that cache means running code, and one of the things
>> that code could do is modify every overlay distributed by the box in
>> question such that anyone using any of those overlays will run
>> arbitrary code whenever they do emerge -p world.
>
> Good, this means we have to isolate it so that only each overlay itself exists
> in an environment that generates the metadata cache. A bit bothersome, but
> nothing more than adding a line or two to the script(s) that drive(s) this
> process.

If you generate a user with a separate uid for each overlay then
that will probably provide a sufficient level of privilege isolation.
- --
Thanks,
Zac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)

iEYEARECAAYFAko+d2MACgkQ/ejvha5XGaPzJQCeIg2d8MVhJTyhZWKCQGtZnY3V
Dk8An0f8WnJL/lb7iJZzlB+hxQDfNLTG
=pXrm
-----END PGP SIGNATURE-----
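The per-overlay uid scheme Zac proposes, as an added example that is not part of the original thread or of any Portage/Gentoo infrastructure script: each overlay checkout is owned by its own throwaway system account, and the cache generator for that overlay is started under that account, so code that runs during generation of overlay A has no write access to overlay B. The overlay root directory, the `ov_` account prefix and the use of `egencache --update --repo <name>` as the generator command are assumptions of this example, as is a Linux host with shadow-utils `useradd` and `su -s`.

```shell
#!/bin/sh
# Added example: one system account per overlay so that metadata-cache
# generation for one overlay cannot modify any other overlay on the box.
# OVERLAY_ROOT and GEN_CMD are assumed placeholders, not values from the thread.

OVERLAY_ROOT="${OVERLAY_ROOT:-/var/lib/overlays}"     # assumed layout: $OVERLAY_ROOT/<name>
GEN_CMD="${GEN_CMD:-egencache --update --repo}"       # assumed generator; <name> is appended

# Map an overlay name to a valid, predictable account name:
# lowercase, only [a-z0-9_-], prefixed so it cannot collide with real users.
overlay_user() {
    printf 'ov_%s\n' "$(printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/[^a-z0-9_-]/_/g')"
}

# Create the account on first use: no home directory, no interactive shell.
# Requires root.
ensure_user() {
    user=$(overlay_user "$1")
    if ! id "$user" >/dev/null 2>&1; then
        useradd --system --shell /sbin/nologin --no-create-home "$user"
    fi
    printf '%s\n' "$user"
}

# Regenerate one overlay's cache as that overlay's own uid.  The checkout is
# owned by the per-overlay user and is unreadable to the other overlay users,
# so the generator's only writable target is its own overlay.
generate_one() {
    name=$1
    dir="$OVERLAY_ROOT/$name"
    [ -d "$dir" ] || { echo "no such overlay: $dir" >&2; return 1; }
    user=$(ensure_user "$name")
    chown -R "$user" "$dir"
    chmod 0750 "$dir"
    su -s /bin/sh "$user" -c "$GEN_CMD $name"
}

# Drive all overlays; one failing overlay does not stop the others.
generate_all() {
    rc=0
    for dir in "$OVERLAY_ROOT"/*/; do
        name=$(basename "$dir")
        generate_one "$name" || rc=1
    done
    return $rc
}

# Only act when explicitly asked, so sourcing this file defines functions only.
if [ -n "${OVERLAY_RUN:-}" ]; then
    generate_all
fi
```

Run it as root from the cron job that currently drives the generation, e.g. `OVERLAY_RUN=1 sh isolate.sh`. The isolation it buys is exactly the one Patrick's scenario needs: a malicious ebuild or eclass in one overlay can still do anything the generator process can, but that process can no longer write into the other overlays' checkouts, so it cannot plant code that every user of those overlays would later execute.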