On Mon, 2019-02-04 at 15:04 +0100, Alexis Ballier wrote:
> On Mon, 04 Feb 2019 14:54:40 +0100
> Michał Górny <mgorny@g.o> wrote:
>
> > On Mon, 2019-02-04 at 14:48 +0100, Alexis Ballier wrote:
> > > On Mon, 04 Feb 2019 14:28:28 +0100
> > > Michał Górny <mgorny@g.o> wrote:
> > >
> > > > On Mon, 2019-02-04 at 11:58 +0100, Alexis Ballier wrote:
> > > > > On Sun, 03 Feb 2019 20:28:49 +0100
> > > > > Michał Górny <mgorny@g.o> wrote:
> > > > >
> > > > > > ---
> > > > > > What do you think?
> > > > > >
> > > > >
> > > > > What is the difference with sunrise ?
> > > >
> > > > The difference, as noted in the mail, is that it doesn't rely
> > > > on developers having time to review ebuilds. Therefore, it is
> > > > less likely to die because of developers lacking time to review
> > > > stuff.
> > >
> > >
> > > Then I fear you will see the same pitfalls, and it already started:
> > > I recall sunrise haters being very strongly against the idea
> > > because, TBH, our sandboxing mechanism isn't a real sandbox. It may
> > > have improved, but I doubt it's up to the point that we can safely
> > > run untrusted code there.
> >
> > Sandboxing has nothing to do with security, and trying to 'improve'
> > its security is a waste of time. What's the point of preventing
> > ebuilds from doing malicious things at build time if they can install
> > files that do malicious things afterwards?
>
>
> Because one may or may not run a malicious binary. You are more likely
> to install it. And even more likely to source the ebuild.

1. There are trivial ways to make you run something. Imagine an ebuild
installing into /etc/local.d. Or /etc/cron.d.

2. By design, postinst is run with full privileges. It is meant to
allow ebuilds to run stuff, as root.

--
Best regards,
Michał Górny
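
Added example (not part of the original message and not Portage's own code): a heuristic reviewer aid that lists the two things the reply points at, lines that install into /etc/local.d or /etc/cron.d and the commands inside pkg_postinst. The sample ebuild and the name review_ebuild are constructed for illustration.

```python
import re

# Locations named in the message above: anything installed here is run
# later by the system, without the user ever starting it by hand.
AUTORUN_DIRS = ("/etc/local.d", "/etc/cron.d")
AUTORUN_RE = re.compile(
    "(" + "|".join(re.escape(d) for d in AUTORUN_DIRS) + r")(?![\w.-])")
POSTINST_RE = re.compile(r"^pkg_postinst\s*\(\)\s*\{?\s*$")

# Constructed sample ebuild (hypothetical package, for illustration only).
SAMPLE_EBUILD = '''\
# constructed sample
EAPI=7

src_install() {
    insinto /etc/cron.d
    newins "${FILESDIR}"/example.cron example
    exeinto /etc/local.d
    doexe "${FILESDIR}"/example.start
}

pkg_postinst() {
    elog "setup complete"
    /usr/bin/example --setup
}
'''


def review_ebuild(text):
    """Return (line_no, reason, stripped_line) items for manual review.

    Heuristic: pkg_postinst() and its closing brace must start in
    column 0; dynamically built paths are not resolved.
    """
    findings, in_postinst = [], False
    for no, line in enumerate(text.splitlines(), 1):
        code = line.strip()
        if not code or code.startswith("#"):
            continue
        if POSTINST_RE.match(line):
            in_postinst = True
        elif in_postinst and line.startswith("}"):
            in_postinst = False
        elif in_postinst and code != "{":
            findings.append((no, "runs as root in pkg_postinst", code))
        hit = AUTORUN_RE.search(code)
        if hit:
            findings.append((no, "installs into " + hit.group(1), code))
    return findings
```

A clean result only means nothing matched these patterns; the output is a reading list for a human reviewer, not a verdict.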