| 1 |
based on the openbsd page you pasted, and my own intuitions i'll |
| 2 |
just say this isn't ever going to be done. There is no reason to |
| 3 |
add this kind of checking into the user side of portage. The ports |
| 4 |
security page is an outline of how ports should act, ie: how they |
| 5 |
should be developed, before they ever reach the user. This is the |
| 6 |
correct place to do this sort of checking, the user side is a great |
| 7 |
place to add ssp, et_dyn, etc but as far as security checks go, |
| 8 |
correcting the install paths, etc, the ebuilds do this already |
| 9 |
and anytime there is a necessary change in a Makefile or |
| 10 |
whatever the ebuild does this, this is _NOT_ a user feature and |
| 11 |
never will be one. |
| 12 |
|
| 13 |
this _IS_ however a developer feature, we do have repoman for |
| 14 |
ebuilds but it's checks are limited. If someone were willing to write |
| 15 |
something that could do extensive checking on the whole build |
| 16 |
process that would be welcomed, and maybe a set of regression |
| 17 |
tests targeted at especially sensitive packages. |
| 18 |
|
| 19 |
Joshua Brindle |
| 20 |
|
| 21 |
>>> Jan Krueger <jk@×××××××××××.net> 09/05/03 03:25PM >>> |
| 22 |
On Friday 05 September 2003 18:02, Alexander Gabert wrote: |
| 23 |
> yeah, |
| 24 |
> |
| 25 |
> we should think about source-parsing function pointer bounds checkers |
| 26 |
> and formatstring checkers to round up our efforts in respect to the |
| 27 |
> linear overflow protection provided by the propolice support (SSP) and |
| 28 |
> the process randomization of dynamic PIC binaries by PaX. |
| 29 |
> |
| 30 |
> if you want we can discuss it in the channel #gentoo-hardened on |
| 31 |
I prefer discussion here, because it is searchable/grepable afterwards. |
| 32 |
|
| 33 |
> freenode what solutions are available currently and how hard it would be |
| 34 |
> to update portage (similar approach like the antivirus scanning prep'd |
| 35 |
> by solar some time ago) |
| 36 |
|
| 37 |
So far i came to the conclusion that this should be a portage FEATURE, |
| 38 |
with configuration option in make.conf, like which scans do i want, how deep |
| 39 |
or so, break ebuild or not, scanner options. |
| 40 |
Like that: |
| 41 |
|
| 42 |
after src_unpack(), if feature is set, portage scans the source code, informs |
| 43 |
the user and at the users will, depending on the scan-results, breaks the |
| 44 |
ebuild or continues. |
| 45 |
|
| 46 |
than src_compile |
| 47 |
|
| 48 |
after src_install the files in the image which is to transfer to the real |
| 49 |
filesystem, is, before the transfer scanned for other things, (viri, trojans, |
| 50 |
suids, whatever), reports the results and at the users will, depending on the |
| 51 |
scan-results, breaks the ebuild or continues. |
| 52 |
|
| 53 |
I know about the following source code scanners, almost restricted to c and |
| 54 |
c++: |
| 55 |
flawfinder, http://www.dwheeler.com/flawfinder/ |
| 56 |
splint, http://www.splint.org/ |
| 57 |
its4, http://www.cigital.com/its4/ |
| 58 |
rats, http://www.securesw.com/download_form_rats.htm |
| 59 |
|
| 60 |
Anyway, is there a policy like http://www.openbsd.org/porting.html#Security? |
| 61 |
|
| 62 |
Jan |
| 63 |
|
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-hardened@g.o mailing list |
| 67 |
|
| 68 |
|
| 69 |
-- |
| 70 |
gentoo-hardened@g.o mailing list |
Archives