| 1 |
On Sunday 07 September 2003 20:35, Jon Portnoy wrote: |
| 2 |
> What, that any situation involving installing software is going to have |
| 3 |
> security holes? That's the nature of software installation. |
| 4 |
|
| 5 |
The gift of portage is a new quality of automated software installation |
| 6 |
system, easy to use, never seen before. This is good. |
| 7 |
|
| 8 |
However by being a full automated software installation system portage has a |
| 9 |
very high responsibilty for the integrity of the system it is run on. |
| 10 |
|
| 11 |
The discussion should have shown you, that the current portage can not bear |
| 12 |
this responsibility. |
| 13 |
|
| 14 |
This thread showed and will continue to show: |
| 15 |
ebuilds can overwrite any system file |
| 16 |
ebuilds can wipe your box |
| 17 |
ebuilds are affecting system integrity |
| 18 |
ebuilds lack quality |
| 19 |
|
| 20 |
Some of you think this can be addressed by: |
| 21 |
qa |
| 22 |
signing ebuilds and files |
| 23 |
|
| 24 |
I say: |
| 25 |
this is not sufficient. |
| 26 |
|
| 27 |
Again examples from the actual tree, so you can try yourself: |
| 28 |
1. emerge ezmlm and emerge ezmlm-idx |
| 29 |
providing slightly different funtionality they will overwrite each other |
| 30 |
(instead of blocking each other) |
| 31 |
|
| 32 |
2. emerge heartbeat (sys-cluster/heartbeat-1.0.3-r1, marked x86, so considered |
| 33 |
stable) |
| 34 |
If your emerge was successfull (it will be as long as you dont have snmp |
| 35 |
installed), try to get it running! You wont! Then take a look at |
| 36 |
bugs.gentoo.org since when important fixes are available. |
| 37 |
|
| 38 |
This two examples clearly show what the current qa is worth. (Well i respect |
| 39 |
it very much, but its not perfect and never will be, thats qa, qa you for |
| 40 |
sure know from other software/hardware products you use and used before, you |
| 41 |
know the deficencies of qa then) |
| 42 |
I am pretty sure you can post examples from the tree yourself. |
| 43 |
|
| 44 |
And to me its clear why it is like that (at least on reason): |
| 45 |
If you compare the number of ebuilds to the number of CVS committers than you |
| 46 |
will see, that it is impossible for each CVS-commiter to make a valuable |
| 47 |
statement of the quality of the software and/or ebuild he/she is going to |
| 48 |
commit. There are to many ebuilds. |
| 49 |
|
| 50 |
(i see this as an organizational deficiency of gentoo) |
| 51 |
So it is probable that faulty ebuilds hit the tree. They are there actually. |
| 52 |
|
| 53 |
Conclusion for me: |
| 54 |
I expect faulty ebuilds. they are there. (you will never wipe them out until |
| 55 |
you change the organization of gentoo development to a more apropriate model, |
| 56 |
and even then, you can only reduce the amount of faulty ebuilds. ebuilds are |
| 57 |
software, software has bugs.) |
| 58 |
|
| 59 |
and therefore: |
| 60 |
i hold portage responsible to protect my system from faulty ebuilds as much as |
| 61 |
it can. |
| 62 |
if not portage, who else? there is just me left, but then, i dont need |
| 63 |
portage. |
| 64 |
|
| 65 |
I made several suggestions how portage can be improved to protect the system |
| 66 |
it is run on. |
| 67 |
-prevent ebuilds from modifying the life filesystem |
| 68 |
-allow the actual package install process only to add files to the filesystem |
| 69 |
or to only modify/remove files that belong to an revision of the same ebuild |
| 70 |
(qa would benefit from this suggestions too.) |
| 71 |
This would result in: |
| 72 |
-enforced package integrity |
| 73 |
-wiping my box from within the ebuild is no longer possible |
| 74 |
Please implement the suggestions. |
| 75 |
|
| 76 |
Do you understand me? |
| 77 |
|
| 78 |
If still not, i will remind you of former times, when bootblock virii have |
| 79 |
been very successfull. Why do you think they have been successfull and are no |
| 80 |
longer? |
| 81 |
Answer: Because it was possible to modify the bootblock. |
| 82 |
|
| 83 |
It is possible for an ebuild to wipe your box. |
| 84 |
|
| 85 |
So doesnt this scare you now? |
| 86 |
|
| 87 |
Jan |
| 88 |
|
| 89 |
|
| 90 |
-- |
| 91 |
gentoo-dev@g.o mailing list |
Archives