1 |
based on the openbsd page you pasted, and my own intuitions i'll |
2 |
just say this isn't ever going to be done. There is no reason to |
3 |
add this kind of checking into the user side of portage. The ports |
4 |
security page is an outline of how ports should act, ie: how they |
5 |
should be developed, before they ever reach the user. This is the |
6 |
correct place to do this sort of checking, the user side is a great |
7 |
place to add ssp, et_dyn, etc but as far as security checks go, |
8 |
correcting the install paths, etc, the ebuilds do this already |
9 |
and anytime there is a necessary change in a Makefile or |
10 |
whatever the ebuild does this, this is _NOT_ a user feature and |
11 |
never will be one. |
12 |
|
13 |
this _IS_ however a developer feature, we do have repoman for |
14 |
ebuilds but it's checks are limited. If someone were willing to write |
15 |
something that could do extensive checking on the whole build |
16 |
process that would be welcomed, and maybe a set of regression |
17 |
tests targeted at especially sensitive packages. |
18 |
|
19 |
Joshua Brindle |
20 |
|
21 |
>>> Jan Krueger <jk@×××××××××××.net> 09/05/03 03:25PM >>> |
22 |
On Friday 05 September 2003 18:02, Alexander Gabert wrote: |
23 |
> yeah, |
24 |
> |
25 |
> we should think about source-parsing function pointer bounds checkers |
26 |
> and formatstring checkers to round up our efforts in respect to the |
27 |
> linear overflow protection provided by the propolice support (SSP) and |
28 |
> the process randomization of dynamic PIC binaries by PaX. |
29 |
> |
30 |
> if you want we can discuss it in the channel #gentoo-hardened on |
31 |
I prefer discussion here, because it is searchable/grepable afterwards. |
32 |
|
33 |
> freenode what solutions are available currently and how hard it would be |
34 |
> to update portage (similar approach like the antivirus scanning prep'd |
35 |
> by solar some time ago) |
36 |
|
37 |
So far i came to the conclusion that this should be a portage FEATURE, |
38 |
with configuration option in make.conf, like which scans do i want, how deep |
39 |
or so, break ebuild or not, scanner options. |
40 |
Like that: |
41 |
|
42 |
after src_unpack(), if feature is set, portage scans the source code, informs |
43 |
the user and at the users will, depending on the scan-results, breaks the |
44 |
ebuild or continues. |
45 |
|
46 |
than src_compile |
47 |
|
48 |
after src_install the files in the image which is to transfer to the real |
49 |
filesystem, is, before the transfer scanned for other things, (viri, trojans, |
50 |
suids, whatever), reports the results and at the users will, depending on the |
51 |
scan-results, breaks the ebuild or continues. |
52 |
|
53 |
I know about the following source code scanners, almost restricted to c and |
54 |
c++: |
55 |
flawfinder, http://www.dwheeler.com/flawfinder/ |
56 |
splint, http://www.splint.org/ |
57 |
its4, http://www.cigital.com/its4/ |
58 |
rats, http://www.securesw.com/download_form_rats.htm |
59 |
|
60 |
Anyway, is there a policy like http://www.openbsd.org/porting.html#Security? |
61 |
|
62 |
Jan |
63 |
|
64 |
|
65 |
-- |
66 |
gentoo-hardened@g.o mailing list |
67 |
|
68 |
|
69 |
-- |
70 |
gentoo-hardened@g.o mailing list |